Internet (Lack of) Security News through 3/31

Internet Security News This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.

Detective: Hundreds could be victims of identity theft (from KVUE at 1-4-2010) Travis County deputies have arrested a man who they say is responsible for hundreds of cases of identity theft. Piles of checks, drivers’ licenses, gift cards and receipts blanketed a table at the Travis County Sheriff's Office Wednesday. "We recovered 70 fake Texas licenses and ID cards, 628 stolen and counterfeit checks," said Detective Carri Turner.... read more»

Data Theft Trojans, Black Market Cybercrime Tools on the Rise (from eSecurity Planet at 1-4-2010) Cyber crooks are becoming more destructive and inventive, according to Panda Security's latest cybersecurity and vulnerability report, despite the fact that they're less skilled and technically proficient than their predecessors. This trend, which includes a resurgence in the number of traditional viruses and adware scams infesting the Internet, can largely be attributed to do-it-yourself malware kits sold online for just a few hundred bucks that can turn anyone with opposable thumbs and an I... read more»

'Fog of War' Led To Operation Aurora Malware Mistake (from Dark Reading at 1-4-2010) Turns out some pieces of malware included in McAfee's initial analysis of the code used in the wave of targeted attacks that hit Google, Adobe, Intel, and other U.S. companies had nothing to do with the now-infamous Operation Aurora attacks after all. McAfee now says four pieces of malware that it originally identified in its research were present in Aurora-infected machines by coincidence, and instead are part of another attack currently underway that builds a botnet for hactivist attacks in... read more»

Federal Judge Finds N.S.A. Wiretaps Were Illegal (from The New York Times at 1-4-2010) A federal judge ruled Wednesday that the National Security Agency’s program of surveillance without warrants was illegal, rejecting the Obama administration’s effort to keep shrouded in secrecy one of the most disputed counterterrorism policies of former President George W. Bush. In a 45-page opinion, Judge Vaughn R. Walker ruled that the government had violated a 1978 federal statute requiring court approval for domestic surveillance when it intercepted phone calls of Al Haramain, a now-defu... read more»

NSA's domestic spying was illegal, federal judge rules (from boingboing at 1-4-2010) A federal judge today ruled that the NSA's warrantless wiretapping program was illegal. In doing so, the judge rejects the Obama administration's attempts to maintain the secrecy around the widely criticized program introduced by Bush after the 9/11 attacks: n a 45-page opinion, Judge Vaughn R. Walker ruled that the government had violated a 1978 federal statute requiring court approval for domestic surveillance when it intercepted phone calls of Al Haramain, a now-defunct Islamic charity in ... read more»

Summarizing Zero Day's Posts for March (from Dancho Danchev at 1-4-2010) The following is a brief summary of all of my posts at ZDNet's Zero Day for March, 2010. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day's main feed, or follow me on Twitter:... read more»

Proposed law would keep inmates from data (from United Press International at 1-4-2010) The U.S. Social Security Administration plans to propose legislation to ban prisoners from access to data that could be used for identity theft, officials say. Most states have laws barring inmates in training or work programs from seeing Social Security numbers and other personal data, The Kansas City (Mo.) Star reports. But eight states, including Kansas, do not.In Kansas, inmates perform data entry for state and local governments, the courts and non-profit groups. An audit by the Social Se... read more»

Google blames China for search block (from v3 at 1-4-2010) Google has backtracked on an initial statement that the blocking of some of its services in China had been the result of its own technical error, leading to renewed speculation that the Chinese authorities are interfering with its web traffic. It was originally claimed that Google's search services were being deliberately blocked after the firm moved its operation to Hong Kong to avoid censorship in mainland China.... read more»

Top execs need to be involved in cybersecurity, study says (from ComputerWorld at 1-4-2010) Organizations with top executives who aren't involved in cybersecurity decisions face a serious problem -- a major hit to their bottom lines, according to a report released Wednesday. "Many organizations see cybersecurity as solely an IT problem," said Karen Hughes, director of homeland security standards programs at the American National Standards Institute (ANSI), one of the major sponsors of the new report. "We are directing a wake-up call to executives nationwide. The message is, this is ... read more»

Facebook bug exposes private emails (from v3 at 1-4-2010) Facebook has been hit by another privacy scandal after an apparent technical glitch led to the site disclosing the private email addresses of its users. The privacy mishap, which according to reports lasted for half an hour yesterday, was discussed by angry users on Twitter. "Last night during Facebook’s regular code push, a bug caused hidden email addresses to be visible briefly,” said a Facebook spokesman. Although Facebook maintained that the bug was noticed and corrected within minutes, t... read more»

China cyber attack targets journalists (from v3 at 1-4-2010) The Foreign Correspondents' Club of China (FCCC) today claimed that a number of its members have had their Yahoo email accounts hacked and tampered with.The Beijing-based press association said eight journalists have had their email accounts hacked, including one that had a forwarding address added to his account settings. We approached Yahoo in the UK for a comment, but so far it has not responded. Nor, it appears, has it responded to calls from the FCCC for clarification. “Yahoo has not ans... read more»

IT professionals must adapt or die (from v3 at 1-4-2010) The role of IT professionals will change dramatically over the next 10 years as technology becomes more advanced, according to the Recruitment and Employment Confederation (REC) Technology group. The organisation said in new report on technology in the workplace in 2020 that the role of IT professionals will evolve to align with business objectives, and that IT professionals need to enhance their skills to compete with the pace of IT growth.... read more»

FBI's new IT system faces delay (from straitstimes at 1-4-2010) A LONG-RUNNING effort to upgrade FBI computerised case files faced additional big cost overruns and a new delay, the US Justice Department's inspector general said in a report issued on Wednesday. The Federal Bureau of Investigation and the contractor Lockheed Martin Corp were renegotiating the budget - last estimated at US$451 million (S$631 million) - as well as the schedule and some of the work to be performed, the report said.... read more»

Revising privacy law for the 'cloud' era (from CNN at 1-4-2010) The government needs a search warrant to bust into your house, search your files, and pull out any incriminating documents. It needs the same warrant for files stored on your computer. So why doesn't the same standard apply when the same information is stored in online servers operated by third parties like Google or Microsoft? The answer is 1986's Electronic Communications Privacy Act, drafted in a different era. Many of its distinctions no longer make sense today, such as the one between "p... read more»

We are experiencing e-mail issues (from Internet Storm Center at 1-4-2010) Our apologies, e-mail (including via the contact page) is not getting through to us since about 17:00 EDT (21:00 UTC). We are aware of the issue and it is being worked on. If you got a bounce message, you'll probably need to resend once the problems are fixed. Again, we apologize and hope to have things fixed soon. Update: (2010-04-01 01:50 UTC) E-mail seems to be flowing again. Thanx for your patience. If you tried to send anything in the last few hours, please resend.... read more»

Internet disruptions raise tensions for Google in China (from Washington Post at 1-4-2010) Several Internet disruptions in Asia this week portend what could be a long standoff between China and foreign search giants. On Tuesday, Internet hackers hit Vietnamese-speaking computer users in an attempt to squelch criticism of a controversial Chinese-backed mining project in Vietnam, according to Google. And foreign journalists covering China and Taiwan reported that their Yahoo e-mail accounts were recently hacked.... read more»

Google says Vietnam political blogs hacked (from News at 1-4-2010) INTERNET giant Google says Vietnamese computer users have been spied on and political blogs hacked in attacks which a leading web security firm suspects are linked to the country's government. The incidents recall cyber attacks in China that Google in January said had struck it and other unidentified firms in an apparent bid to hack into the email accounts of Chinese human rights activists. "These infected machines have been used both to spy on their owners as well as participate in distri... read more»

Gaming Apps Increase Spam, Phishing by 50 Percent (from Yahoo at 1-4-2010) Gamers beware – the next person you add to your gaming social network could be a spammer or phisher. A new report from BitDefender found that gaming applications increase spam and phishing by more than 50 percent in social networks. While most users of social networks are somewhat selective in who they add to circle of friends – filtering out those they suspect to be spammers – gamers often willingly add suspicious friends in an effort to expand their player community. Some entertainment apps... read more»

How I became a target of China's war in cyberspace (from The Independent at 1-4-2010) Logging on to my Yahoo email account this week, I was greeted with the message: "We've detected an issue with your account." My inquiries appeared to reveal that this was part of a sophisticated and co-ordinated hacking campaign against journalists, academics and rights activists based in China, or dealing with the China story elsewhere.... read more»

Why Internet connections are fastest in South Korea (from CNN at 1-4-2010) People in the United States basically invented the Internet. So U.S. connections must be the fastest and cheapest in the world, right? Not so much. Broadband Internet speeds in the United States are only about one-fourth as fast as those in South Korea, the world leader, according to the Internet monitoring firm Akamai. And, as if to add insult to injury, U.S. Internet connections are more expensive than those in South Korea, too.... read more»

NJ court: Employee-attorney e-mails are private (from Yahoo at 1-4-2010) In a decision that could set new ground rules for Internet privacy in the workplace, New Jersey's Supreme Court has ruled an employer was wrong in retrieving e-mails between a former employee and her attorney, even though they were sent from a company computer. The 7-0 ruling published Tuesday in Stengart v. Loving Care Agency is believed to be the first of its kind to reach a state Supreme Court, attorneys involved in the case said. "Courts are looking more closely at privacy claims in the ... read more»

Technical paper: SEO poisoning attacks (from Sophos at 1-4-2010) Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware. In recent months, these type of Search Engine Optimisation (SEO) attacks have become a route through which fake anti-virus malware is being distributed. One thing common to the attacks is that the SEO pages are hosted within legitimate sites. This makes it harder for the search engines to identify the rogue pages, and exclude them f... read more»

Spam Site Registrations Flee China for Russia (from KrebsonSecurity at 1-4-2010) A crackdown by the Chinese government on anonymous domain name registrations has chased spammers from Chinese registrars (.cn) to those that handle the registration of Russian (.ru) Web site names, new spam figures suggest. Yet, those spammy domains may soon migrate to yet another country, as Russia is set to enforce a policy similar to China’s beginning April 1. In mid-December 2009, the China Internet Network Information Center (CNNIC) announced that it was instituting steps to make it much... read more»

Survey: WiFi security remains a problem in Hong Kong (from mis-asia at 1-4-2010) While 84 per cent of WiFi access points in Hong Kong are encryption enabled, only 6 per cent of them are encrypted with today's most secure technology WPA or WPA 2 AES, said Hong Kong Wireless Technology Industry Association (WTIA) lately when releasing its 2009 War Driving Surveys results. The survey was carried out in a non-intrusive and responsible way, said WTIA and Professional Information Security Association (PISA) that was also involved in the survey. The information of individual vul... read more»

Kids' mobile phones need pxxx filters, says report (from Computer World at 1-4-2010) Mobile phones should be fitted with pxxx filters to stop children accessing inappropriate content from their handsets, says Professor Tanya Byron. The government's internet safety advisor said phones that use a Wi-Fi connection to access the web posed the biggest threat, as kids can bypass any parental control set up on the phone. Currently, parental controls can be activated either when the phone is purchased or by contacting a network's customer services department at a later date. However... read more»

Centrelink to offer free Internet access (from Computer World at 1-4-2010) Centrelink visitors around Australia will soon be able to use their mobile phones and laptops to access Government websites across wireless local area networks (WLANs) while they wait to be served. Government documents show the welfare agency will roll out an 802.11n WLAN at 389 of its offices within six months of awarding the tender to help with chronic long queues and enable more flexible service offerings.... read more»

UK.gov revamps cybercrime strategy (from The Register at 1-4-2010) The government has announced a modest revamp of its strategy for fighting cybercrime. In a low-key statement to the House of Commons on Tuesday, junior Home Office minister Alan Campbell said the strategy aimed to build confidence in the provision of (government and private sector) services via the internet, tackle financial crime on the net and protect children. The strategy puts the newly established Office for Cyber Security at the forefront of tackling cybercrime and emphasises five key e... read more»

Urban Legend Watch: Cyberwar Attack on U.S. Central Command (from Wired at 1-4-2010) A foreign government’s computer hackers were found lurking on a classified U.S. military network in 2008. More than 20 years ago, the United States realized that having an advantage in “intangible factors” — more information, better communications, greater precision — was as important as having more tanks or airplanes. Some call it a “force multiplier.” Cyber capabilities are a force multiplier. Having an “informational advantage” makes U.S. forces more effective. The people who plan to fight... read more»

Google warns of 'general threat' to the internet (from v3 at 1-4-2010) A Google security expert has warned that the attacks against its systems in January, which kicked off worldwide discussions on cyber freedom and government control of communications, represent a far wider "general threat" to the internet. Neel Mehta, a researcher with Google's security team, said in a blog post that, while malware is the root of the problem, it becomes truly destructive when used to "suppress opinions of dissent".... read more»

Commission eyes Telecom's about-face on XT (from NBR at 1-4-2010) Yesterday, NBR revealed the surprising extent of Telecom’s upgrades to its XT network, including the accelerated roll out of dozens of new cell towers, and hundreds of tower-mounted amplifiers. Some of this spending was planned (but dragged forward); millions, apparently was not. Joe Caccioppoli, head of mobile at Telecom’s Gen-i division, told an audience at a Telecommunications Users Association event on March 24 that the 97% population coverage claim was made before XT’s launch based on mo... read more»

Root causes of XT failure identified (from Computer World at 1-4-2010) Telecom and its infrastructure provider Alcatel-Lucent have got to the bottom of the causes of the four major problems in the early days of the XT network, members of TUANZ were assured at a meeting last Tuesday. However, no absolute guarantee of failsafe operation could be given, the companies say. LV Martin's slogan “it’s the putting it right that counts” was quoted several times during the meeting. TUANZ CEO Ernie Newman is positive about Telecom’s efforts, but several members clearly beli... read more»

Sexy romances protect data by distracting hackers, Sophos research proves (from Sophos at 1-4-2010) IT security firm Sophos today reveals important new research into a brand new method of protecting sensitive data on business networks. As well as including the technology, called "Protection through Distraction", into the next version of its software, Sophos will also begin to roll out the technology to select customers as soon as possible. Data protection is a key security issue for many companies, and existing technologies, such as encryption, data loss prevention (DLP), firewalls and anti... read more»

BT flood knocks out broadband and phone services (from BBC at 1-4-2010) A major flood at a BT exchange in Paddington, London has affected broadband and telephone services across the UK. In a statement BT said it could not predict when either service would be restored. "Tens of thousands" of customers have been affected, said the firm, with the majority in north and west London. BT confirmed that some mobile phone services may be affected by the incident, which also caused a fire. London Fire Brigade attended the scene at 7.30am on 31 March. The flood wa... read more»

Delete child abuse websites says German minister (from hostexploit at 1-4-2010) Germany has called for stronger action to combat images of child sex abuse online, saying material should be deleted rather than blocked. Justice minister Sabine Leutheusser-Schnarrenberger said Germany "rejected" the idea of stopping people getting access to images by blocking. Her comments came after the unveiling of European Commission plans to block child sex abuse sites outside Europe.... read more»

Google's about-face; now it says China blocked its sites (from ComputerWorld at 1-4-2010) The Chinese government apparently slowed access to Google Web sites earlier this week, as the search giant last night backed off earlier statements that access to the site was blocked by changes Google made to the engine's search parameters. Google had disclosed early this week some users in China were unable to complete Google searches or had intermittent trouble accessing any of Google's Chinese-language sites. That disclosure prompted some immediate speculation that China was blocking a... read more»

Spam over IPv6 (from hostexploit at 1-4-2010) With the increased deployment of IPv6, we were curious to see how much the amount of spam sent over IPv6 increases. We looked at the e-mail system of the RIPE NCC and produced some statistics that could be seen as an indication for the overall trend of spam sent over IPv6. After we evaluated one week’s worth of data, we observed the following [please note that this excludes messages already rejected by blacklisting and greylisting (more on this below)]:... read more»

Reports made that Yahoo accounts of foreign journalists based in China and Taiwan have been hacked (from hostexploit at 1-4-2010) Webmail accounts of foreign journalists based in China and Taiwan have reportedly been hacked. According to BBC News, the Foreign Correspondents' Club of China (FCCC) has confirmed eight cases of Yahoo email hacks in recent weeks, and criticised Yahoo for not answering the FCCC's questions about the attacks or telling individual mail users about how the accounts were accessed.... read more»

Blue Coat Report Examines Evolving Malware Attack Strategies that Exploit Online User Behavior (from hostexploit at 1-4-2010) Blue Coat Systems, Inc. (Nasdaq: BCSI), the technology leader in Application Delivery Networking, today published its annual Blue Coat Web Security Report for 2009, which provides a comprehensive analysis of user behavior in relation to Web-based threats and specifically examines where users encountered Malware on the Internet. Based on data collected from the Blue Coat® WebPulse™ service, the report concludes that the overwhelming popularity of social networking services and changes in onli... read more»

Millions in China have no antivirus software, survey shows (from ComputerWorld at 31-3-2010) The massive number of Chinese Internet users running no antivirus software increased last year, a survey showed, even though online security risks continued to multiply in the country. The percentage of Internet users in China with no security software was 4.4% last year,a up from 3.9% the previous year, according to survey results released late Tuesday by the China Internet Network Information Center (CNNIC) and China's National Computer Network Emergency Response Technical Team (CNCERT). ... read more»

Data sifted from Facebook wiped after legal threats (from NewScientist at 31-3-2010) Legal threats from Facebook have led to the destruction of a social science dataset about to be released to researchers. Lawyers from the social networking site contacted Pete Warden, an entrepreneur based in Boulder, Colorado, in February after he announced plans to release data he had collected from the public profiles of 210 million Facebook users. Warden says that Facebook threatened legal action if he did not delete the data. He duly destroyed all the records, saying he did not have t... read more»

CERN tackles glitches, pushes new science frontier (from Reuters at 31-3-2010) Physicists at CERN, buoyed by their ground-breaking success in creating mini-Big Bangs, giving them a glimpse of the dawn of time, have set their sights on pushing closer to the very birth of the universe. Just a day after achieving the first megapower particle collisions at 50 per second, they began efforts on Wednesday to boost that number to 300 per second inside the Large Hadron Collider (LHC) at CERN, the European Organization for Nuclear Research. "We are moving to ever new frontiers... read more»

Your Company Is Watching You (from fins at 31-3-2010) Whether it's an SEC official or a Macquarie banker, employees today don't seem to be too worried about Big Brother keeping tabs on online workplace activity. After all, who cares whether the CEO sees your tweets about last night's episode of "Dancing with the Stars" when you're making your numbers? But companies are increasingly starting to care. And many of the most stringent policies can be found at financial institutions. "There's a very, very narrow category of internet websites our br... read more»

Social networking risks under little control (from Net-Security at 31-3-2010) While social media is pervasive in organizations worldwide, usage has far outpaced controls, according to the latest study conducted by Palo Alto Networks. The degree of associated risk varies dramatically across industries and geographies, depending upon factors such as regulations and cybercrime. IT professionals must consider the heterogeneity of risk in their application usage policies, compliance needs and security profiles. This report shows that barriers to accessing applications are a... read more»

Researcher exploits PDF file without using a vulnerability (from Net-Security at 31-3-2010) Didier Stevens, security researcher and expert on malicious PDF files, has succeeded in creating a proof-of-concept PDF file that uses the launch action triggered by the opening of the file to execute the embedded malicious executable. What makes this piece of news really interesting is that he didn't exploit a security vulnerability in the PDF file, but he found a way to start the /Launch /Action command and embed the malicious file using a special technique.... read more»

Beware targeted attacks around tax season (from Net-Security at 31-3-2010) With the tax filing deadline less than three weeks away, we’re entering the busiest time of the tax season according to the IRS. Last year, almost 95 million people e-filed their tax returns. That was over 67 percent of the total population that filed taxes in the United States. Included in the total of e-filers were 32 million people who e-filed by a home computer. With that many people doing their taxes online or having a tax preparer do it for them, AVG Technologies is warning of a last mi... read more»

New Technology And The Rise In Portable Security Risks (from eurasiareview at 31-3-2010) More and more employees are bringing personal mobile devices, such as media players, flash drives and smart phones, to work for entertainment, communications and other purposes. Equally, many employers issue their staff with such devices to allow them to be more mobile and to run business applications as part of their job. This explosion of personal devices with built in web connectivity, office applications and email can improve working practices but also comes with risks not limited to time... read more»

Maximum Security: 2010 Internet Security Suites (from ComputerWorld at 31-3-2010) The year 2009 was a bad one for PC security: Online attackers created more malware last year than in the previous 20 years combined. Clearly, this means that in the realm of computer security, the rules have changed, and you can no longer rely solely on traditional definition-based antivirus software and firewalls to protect your PC. Instead, to meet this new breed of threats, you need a new breed of security. Over the past few years, security suites have been improving, thanks both to the en... read more»

Europe Declares War on Cyber Crime (from thenewnewinternet at 31-3-2010) 1500 cybersecurity experts from 23 countries will meet in Lille, France at the International Forum on Cyber Crime (FIC). Topics of debate and discussion will include identity theft, data piracy, virus attacks, electronic fraud, network penetration, botnets and espionage. This summit represents an effort to foster international cooperation in securing cyberspace and reconcile differing privacy and intellectual property laws from across the world. The event will begin Wednesday, inaugurate... read more»

MIT project keeps apps running, even under attack (from ComputerWorld at 31-3-2010) Researchers led by the Massachusetts Institute of Technology and funded by the US Defense Advanced Research Projects Agency (DARPA) have developed software that keeps applications running during attacks, then finds and installs permanent patches to protect them. The ClearView system detects attacks by noting when applications perform outside their normal range of behaviour, indicating an attack of some sort. To fend off attacks, it tries out a variety of patches on the fly, choosing the one t... read more»

TJX hacker’s ‘lieutenant’ gets 7-year sentence (from Boston at 31-3-2010) Another hacker involved in the massive theft of credit card numbers from TJX and other retailers is going to be locked away. In US District Court in Boston yesterday, Judge Douglas Woodlock sentenced Christopher Scott of Miami, who helped infiltrate the wireless data networks of several national retailers, to seven years in prison. Prosecutors described Scott, 27, as a key lieutenant of Albert Gonzalez, the 28-year-old Florida hacker who between 2003 and 2007 stole tens of millions of cred... read more»

Security researchers scrutinise search engine poisonings (from theregister at 31-3-2010) The techniques used by unloveable rogues who automate search engine manipulation attacks themed around breaking news to sling scareware have been unpicked by new research from Sophos. A research paper published on Wednesday by Sophos researchers Fraser Howard and Onur Komili lifts the lid on the search engine optimisation techniques used by hackers to hook surfers into their scams. Attackers use automated kits to apply blackhat SEO methods – cynically exploiting tragic or salacious breakin... read more»

UDCon:Zurich_2010 - Zurich, Switzerland - September 17-19 (from Red Hat at 31-3-2010) Hi Fedora community, Feel free to help spread the word about the next two Fedora User & Developer Conferences (FUDCons) that are being organized for 2010. FUDCon is always free to attend, but we do ask you to pre-register for planning purposes. Registration is available on the pages below. FUDCon Zurich will be held in Zurich, Switzerland from September 17-19. https://fedoraproject.org/wiki/FUDCon:Zurich_2010... read more»

FUDCon:Santiago_2010 - Santiago, Chile from July 15-17 (from RedHat at 31-3-2010) Hi Fedora community, Feel free to help spread the word about the next two Fedora User & Developer Conferences (FUDCons) that are being organized for 2010. FUDCon is always free to attend, but we do ask you to pre-register for planning purposes. Registration is available on the pages below. FUDCon Santiago will be held in Santiago, Chile from July 15-17. https://fedoraproject.org/wiki/FUDCon:Santiago_2010... read more»

Government Stops Shielding Corporate Breach ‘Victims’ (from Wired at 31-3-2010) For the past few months, national retailer J.C. Penney has been fighting an under-seal court battle to keep you from knowing that its payment card network was breached by U.S. and Eastern European hackers. The intrusions, by TJX hacker Albert Gonzalez and his overseas accomplices, occurred beginning in October 2007. J.C. Penney admits it was “wholly unaware” of the breach until the Secret Service told the company about it in May 2008, but now says with certitude that no identity or bank-card ... read more»

Conficker fizzled a year ago, but headache remains (from CNet at 31-3-2010) A year ago, a variant of the high-profile Conficker worm was all set to stir, programmed to begin receiving update instructions on April 1, with potential consequences being anybody's guess. Those fears were unfounded as the worm's worst impact appeared to be that it installed malware that displays fake antivirus warnings. The time bomb failed to blow up, and the buzz died down. But a year later several variants of the worm are still around and growing, albeit slowly--causing problems for ... read more»

The Impact of the Internet on Institutions in the Future (from PewInternet at 31-3-2010) By an overwhelming margin, technology experts and stakeholders participating in a survey fielded by the Pew Research Center’s Internet & American Life Project and Elon University’s Imagining the Internet Center believe that innovative forms of online cooperation could result in more efficient and responsive for-profit firms, non-profit organizations, and government agencies by the year 2020. A highly engaged set of respondents that included 895 technology stakeholders and critics participated... read more»

Obama faces major online privacy test (from CNet at 31-3-2010) When Barack Obama was campaigning for the presidency in 2008, he promised that as president, he would "strengthen privacy protections for the digital age." That pledge will be put to the test as the Obama administration considers whether to support a new privacy proposal released by a coalition including Google, eBay, Microsoft, AT&T, the ACLU, and Americans for Tax Reform. CNET was the first to report on the proposal in an article published Monday.... read more»

Beware! First Week of April Brings Spyware Infections (from enterprise-security-today at 31-3-2010) SUPERAntiSpyware.com, a Pacific Northwest developer of state-of-the-art anti-spyware solutions, wants to remind computer users that the first week of April typically brings an increase in new spyware infections. It's become something of an annual tradition that causes havoc for computer users, lost productivity, increased expenses, and overall inconvenience. This period of increased spyware activity is a good time to remind computer users to be extra vigilant: Don't open emails –- especial... read more»

Security Breach Pushes MidFlorida Credit Union to Issue New Debit Cards (from theledger at 31-3-2010) Some MidFlorida Credit Union members are getting new debit cards because of a fraud risk. Kathy Britt, chief operations officer for Lakeland-based MidFlorida, said the firm is issuing 12,000 new debit cards after recent fraud attempts stemming from a previous data breach at Heartland Payment Systems. Heartland, a major New Jersey-based payment processing company, announced a security breach in January 2009 that exposed information from 100 million credit and debit card transactions.... read more»

Google Finds Cyber Attacks on Vietnam Mine Dissidents (Update2) (from Businessweek at 31-3-2010) Google Inc., which moved its search engine out of mainland China this month after claims of cyber attacks on human-rights activists, said it detected software targeted at critics of bauxite mining in neighboring Vietnam. Tens of thousands of people who downloaded Vietnamese language software may be infected with malicious software that spies on users and hijacks computers to disrupt Web sites, Neel Mehta at Google’s Security Team wrote on the company’s online security blog yesterday. The atta... read more»

Google Summer of Code 2010: Student application deadline announced (from h-online at 31-3-2010) Google has announced that the deadline for student applications for this year's Google Summer of Code (GSoC) event is Friday, the 9th of April at 19:00 GMT. Each year Google seeks students and mentors from the FLOSS community to take part in it's annual GSoC event, which takes place over the period of three months. Google has announced that the deadline for student applications for this year's Google Summer of Code (GSoC) event is Friday, the 9th of April at 19:00 GMT. Each year Google seeks ... read more»

Cyber terrorism by proxy (from DNAIndia at 31-3-2010) Proxy servers, which were recently used by a teen to send an email blackmailing his former classmate, can be a handy tool for far more sinister activities like cyber terrorism. Some of these can affect the security of the country and even paralyse important websites of the government. "Proxy servers can be easily used to spread cyber terrorism in the country," police inspector, Cyber Crime Cell, Detection of Crime Branch, Kiran Patel told DNA.Patel said that most often terrorists use a proxy ... read more»

More Mea Culpas From Big-Time Hacker (from enterprise-security-today at 31-3-2010) For the second time in as many days, a computer hacker accused of one of the largest-ever thefts of credit and debit card numbers stood before a federal judge and apologized for his actions. "I have violated the sanctity of millions of individuals around the United States," said Albert Gonzalez, in pleading for lenience. "I'm guilty of the crimes ... I accept full responsibility for my actions." Federal Judge Douglas Woodlock sentenced Gonzalez to 20 years and a day in prison, but ordered ... read more»

What’s your SEO poison? (from Net-Security at 31-3-2010) Search engine optimization (SEO) poisoning is an increasingly popular method of attack for cybercriminals and one that shows they are using more sophisticated techniques. In the last year, attackers have poisoned search results on everything from celebrity news to Google Wave invitations. But what makes these attacks such a success? Millions of searches are conducted each day on popular search engines by people all around the world. In order to share what are they looking for with the wider p... read more»

Political cyber-attacks came from within Vietnam, Google says (from Earthtimes at 31-3-2010) Google Inc's announcement that hackers behind attacks on politically sensitive websites in Vietnam were located within the country came as no surprise, administrators of those websites said Wednesday. In a post dated March 30, Google security expert Neel Mehta said the company had confirmed the existence of malware originating from Vietnam that "broadly targeted Vietnamese computer users around the world." Google and the anti-virus software company McAfee Inc said a computer virus of the t... read more»

Cyber Terrorism Debate Continues (from thenewnewinternet at 31-3-2010) While the debate is currently raging regarding the definition of cyber war, another central debate in cybersecurity is the issue of cyber terrorism. Jim Lewis, of CSIS, believes that cyber terrorism is not the principle threat at present, largely because he does not think terrorists presently have the capability. “I don’t worry about cyber terrorism,” he said at a recent event in the Washington, DC area. “If they had the capability, did you think they would wait to use it?” Back in early Febr... read more»

Security Automation Developer Days (from MITRE Corporation at 31-3-2010) MITRE is pleased to announce that we will be hosting Security Automation Days here at MITRE in Bedford, MA on June 14 – 16. Please mark the date. Below is our tentative agenda. Look forward to seeing you there. For More Information: Download the text file... read more»

Kundra Previews New FISMA Guidance (from Govenment Information Security at 31-3-2010) New FISMA guidance the Office of Management and Budget will issue in the coming weeks will focus on three areas: use of real-time security monitoring, how information security initiatives should be funded and building security risk profiles for agency IT programs. Kundra, whose statutory title is OMB's administrator of e-government and IT, said the new guidance is aimed at moving agencies away from the process of filing paper documents that explain how they comply with Federal Information Se... read more»

Chicago Workshop to Focus on Anti-Hacking Measures (from infracritical at 31-3-2010) An upcoming conference in Chicago will focus on SCADA security and penetration techniques. The “open workshop” will include discussions, briefings of recent security incidents, and slide presentations on prevention against hacking of PLC, RTU, and other embedded instrumentation and controls, conference organizers say. Attendees will participate in “red teaming” exercises and security countermeasure techniques. The organizers of the not-for-profit conference said attendees will be encouraged t... read more»

iPhone Hacker: I'll Hack to Keep Linux on PS3 (from Toms Hardware at 31-3-2010) iPhone hacker George Hotz promises PS3 users a work-around for Sony's decision to nix OtherOS support. Yesterday Sony announced that the next PS3 firmware update, 3.21 would disable support for the PlayStation's "Other OS" feature. A lot of people don't use this feature at all, so it was no problem for most. However, those that do, value the fact that they're able to run Linux on their console. Though Sony didn't specify why it was disabling OtherOS (aside from mentioning it was for securi... read more»

U.S. Weighs Options for Fighting Overseas Cybercrime (from ecommercejunkie at 31-3-2010) In the wake of the alleged Chinese cyber assaults on Google earlier this year the chatter in Washington, DC advocating for an increased U.S. presence in policing cyber crime around the globe and protecting U.S. interests is growing by the day. And it could result in the formation of a new cyber security post, according to those close to the situation.... read more»

Challenges and Opportunities in Cybersecurity (from Military at 31-3-2010) It is a battle that is being fought every second of every day. A battle in which the attackers are unseen and often undetected and the victims unaware and often unwilling to publicly acknowledge their defenses have been breached. This is the ongoing conflict between cyberwarfare and its alter ego cybersecurity, and global aerospace and defense companies are looking carefully at the battleground to determine where they can play a role.... read more»

Another week of hacks, malware, and cyber crime (from InfoWorld at 31-3-2010) Chrome, the last browser standing at Pwn2Own Results of TippingPoint's CanSecWest hacking contest, Pwn2Own, once again demonstrated that building a perfectly secure Internet browser is very difficult. Even though Firefox and Apple rushed out dozens of last-minute security patches before the big contest, Firefox, Safari, and Internet Explorer 8 all quickly fell. A Safari bug even led to the first serious documented iPhone 3G exploit. ... read more»

Lawmakers Urge FTC to Investigate Google Buzz (from EPIC at 31-3-2010) Ten House Members have asked the Federal Trade Commission to pursue an investigation into the Google social networking service Buzz, given "Google's practice of automatically using consumers' e-mail address books to create contact lists for Buzz and then publicly disclosing the names of those private contacts" online. The lawmakers also asked the Commission to consider the privacy implications of Google's proposed acquisition of AdMob, the mobile phone advertising company.... read more»

Update: Norton Ratchets Up Fight Against Cybercrime (from CNN at 31-3-2010) Norton from Symantec (NASDAQ: SYMC) announced today that it has appointed Adam Palmer as Norton Lead Cybersecurity Advisor. Formerly a cybercrime prosecutor and legal director for the National Center for Missing and Exploited Children (NCMEC), Palmer is a pioneer in the field of cybercrime law and its enforcement, bringing more than a decade of experience in private industry and government service.... read more»

Hacked climate email inquiry cleared Jones but serious questions remain (from Guardian at 31-3-2010) Gaunt, beta-blocked and stood down from duty, Phil Jones is the fall guy for the wider failings that triggered the hacked climate email scandals. But at its hearings into the affair a month ago, the Commons science committee was kind to the director of the Climate Research Unit (CRU), but short-tempered with his grinning sidekick, the University of East Anglia's vice-chancellor Edward Acton. And so, in their report, Jones gets the benefit of a few doubts. At their final drafting meeting last ... read more»

CanSecWest 2010 day 3 summary (from Sophos at 31-3-2010) The conference has now drawn to a close and Michael Argast and I have made CanSecWest this week's podcast topic. Our weekly podcasts have been going well so far and I would like to thank our editor/producer Maria Varmazis for her help and for committing to a weekly schedule with us. Jimmy works for McAfee and the heart of his presentation this year was the increasing threats against mobile platforms, and especially the creation of grey-ware. McAfee refers to these as Potentially Unwanted Prog... read more»

Vietnamese Speakers Targeted In Cyberattack (from McAfee at 31-3-2010) Attackers created the botnet by targeting Vietnamese speakers with malware that was disguised as software that allows Windows to support the Vietnamese language. The keyboard driver known as VPSKeys is popular with Vietnamese Windows users and is needed to be able to insert accents at the appropriate locations when using Windows. The bot code masquerading as a keyboard driver finds its way onto computers that, once infected, join a botnet with command and control systems located around the ... read more»

Vietnamese Malware unrelated to Aurora (from the tech herald at 31-3-2010) The Malware mentioned in Google Security Team member Neel Mehta’s post is said to have originated as a keyboard driver allowing support for the Vietnamese language on Windows. The driver, once installed, would then connect to a Command & Control server where it could be used for any number of tasks. Essentially, the infected systems were bots used to launch Denial of Service attacks on blogs containing messages of political dissent. Specifically these attacks have tried to squelch opposition ... read more»

Google frets over Vietnam hacktivist botnet (from E-Secure-IT at 31-3-2010) Hackers used malware to establish a botnet in Vietnam as part of an apparently politically motivated attack with loose ties to the Operation Aurora attacks that hit Google and many other blue chip firms late last year, according to new research from McAfee and Google. Google draws parallels with the Vietnam botnet and operation Aurora attacks, which in part involved the attempted surveillance of Gmail accounts belonging to Chinese human rights activists. The targeted attacks associated with ... read more»

Architectural design principles for true end-to-end resilience of communication networks (from Enisa at 31-3-2010) OBJECTIVE The main objective of this call for experts is the preparation of a report that identifies and describes architectural design principles for networks allowing end-to-end resilience of any communication on applications layer and considering security aspects. The term “end-to-end resilience” should be considered as the ability of all OSI layers (not only the network layer) to provide the requested services from the user terminal to another user terminal or a server providing the serv... read more»

India, US ties proposed against cyber terrorism (from newKerala at 31-3-2010) India has suggested close partnership with the US in cyber security, particularly against cyber terrorism, as the two countries take their economic and technological collaboration to the next level. Indian Minister of State for Communications and Information Technology Sachin Pilot made the suggestion in talks with senior officials at the White House and in the US Department of Commerce during a week long visit, Indian officials said Tuesday.... read more»

E-mail accounts of foreign journalists in China hacked (from ComputerWorld at 31-3-2010) The e-mail accounts of eight foreign journalists working in China and Taiwan were hacked recently, leading Yahoo to suspend several of the accounts last week, the Foreign Correspondent's Club of China (FCCC) said Wednesday. "We have confirmed eight cases in which journalists in China and Taiwan have had their e-mail accounts hacked in recent weeks, with several accounts disabled by Yahoo on March 25," the FCCC said in an e-mail sent to members.... read more»

Extreme outage for Internode’s Adelaide subscribers (from ITNews at 31-3-2010) A "complex technical problem" with Internode's DSLAMs yesterday caused a 22-hour broadband outage for some customers in Adelaide. Customers on Internode's 'Extreme' ADSL2+ services reported authentication issues late Monday night. Engineers attempted to address the issue by rebooting DSLAMs in various metropolitan exchanges. However, the reboot failed to resolve the issue, which had spread to all DSLAMs in metropolitan Adelaide by 8am yesterday. The issue was said to have occurred wi... read more»

Google Now Says Technical Glitch Not to Blame in China (from CIO at 31-3-2010) After blaming an internal technical glitch, Google (GOOG) now says it's not sure why people in China have had trouble using its search service. Earlier Tuesday, some people in China reported being unable to perform Google searches even though they could access the Google search page at google.com.hk, where the company is directing Chinese users. Some observers thought the Chinese government had started blocking the site, but Google said the problems were due to a change the company had made t... read more»

Hacker teen gets 3 years (from ShanghaiDaily at 31-3-2010) A 19-YEAR-old boy has been sentenced to three years in prison for destroying Website servers as a hacker and extorting the victims, Qingpu District People's Court ruled. The boy surnamed Yuan studied hacker lessons and intruded into servers of three Websites last June to test his ability. He deleted all the documents on the servers and extorted 55,000 yuan (US$8,000).... read more»

London council loses thousands of kids' details (from The Register at 31-3-2010) Barnet Council has lost records of 9,000 school children after a laptop and unencrypted USB stick were stolen. Nick Walkley, chief executive of Barnet Council, has written to parents to apologise but said the risks associated with the data breach were minimal. Information held included children's names, educational attainment, entitlement to free meals and postcodes and phone numbers. Some records were more detailed and those parents received a separate letter.... read more»

Is the cyber threat overblown? (from foreignpolicy at 31-3-2010) Am I the only person -- well, besides Glenn Greenwald and Kevin Poulson -- who thinks the "cyber-warfare" business may be overblown? It’s clear the U.S. national security establishment is paying a lot more attention to the issue, and colleagues of mine -- including some pretty serious and level-headed people -- are increasingly worried by the danger of some sort of "cyber-Katrina." I don't dismiss it entirely, but this sure looks to me like a classic opportunity for threat-inflation.... read more»

Fighting identity theft not a priority, report says (from CNN at 31-3-2010) Ten million Americans a year are victims of identity theft. It's a growing problem in the United States, but fighting it doesn't appear to be a priority, a new report says. A report by the Justice Department Inspector General released Tuesday cites the wide-ranging costs and dangers of ID theft. Although the report has no new numbers, the financial losses are believed to be substantially higher than the $15.6 billion documented in 2005.... read more»

The chilling effects of malware (from googleonlinesecurity at 31-3-2010) In January, we discussed a set of highly sophisticated cyber attacks that originated in China and targeted many corporations around the world. We believe that malware is a general threat to the Internet, but it is especially harmful when it is used to suppress opinions of dissent. In that case, the attacks involved surveillance of email accounts belonging to Chinese human rights activists. Perhaps unsurprisingly, these are not the only examples of malicious software being used for political ends... read more»

School laptop spy case prompts Wiretap Act rethink (from Arstechnica at 31-3-2010) When Pennsylvania's Lower Merion school district installed remote control anti-theft software on student laptops, it had no intention of dragging Congress into a national debate about wiretapping laws and webcams—but that's exactly what it got (in addition to some unwanted FBI attention and a major lawsuit). The key question: should the school's alleged actions be made illegal under US wiretap law?... read more»

Facebook acts on web trolls who vandalise tribute pages (from Courier Mail at 31-3-2010) FACEBOOK has taken its first official step to combat the vulgar "trolling" of online tribute pages, but critics say the measures don't go far enough. The social networking giant on Tuesday sent a message to all Australian Facebook page administrators outlining security settings which reduce trolling – the act of hijacking memorial pages with pxxxography, padophilic pictures and offensive comments. The unprecedented direction to Facebook users came just hours before vandals struck the tribute ... read more»

Former IBM exec pleads guilty to securities fraud (from v3 at 31-3-2010) Robert Moffat, a former high-flier at IBM who was seen as a possible future chief executive of the company, has pleaded guilty to securities fraud in a court in New York, and faces up to six months in prison. Moffat's involvement first became apparent in October 2009, when IBM said that he had been "placed on a leave of absence as a result of a US federal investigation into his personal activities" and is "no longer an employee of IBM".... read more»

Nigeria: PIN Boss Tackles Cybercrime at 2010 Internet Forum (from All Africa at 31-3-2010) NIGERIA's Information Technology (IT) youth ambassador and Executive Director, Paradigm Initiative Nigeria (PIN), Mr. Gbenga Sesan has been slated to speak on the menace of cybercrime among Nigerian youths at the 2010 Internet Governance billed for Lagos, nextmonth. Mr. Sesan while disclosing this in Lagos, weekend said that his organization is concerned over the unprecedented increase of Nigerian youths on cybercrime.He said that outline of solutions would be proffered at the forum being put... read more»

(DOT).co domain name up for grabs from 26 April (from Computer World at 31-3-2010) Missed out on your preferred .com domain name? No stress, you can always try .co. Once only the domain suffix for Columbia, .co will become available to use across the globe from 26 April as part of a moves by the South American country's government to cash in on the domain extension. The Colombian move, which mirrors the opening up of the .tv country-code top-level domain (TLD) by Tuvalu, will be undertaken by a joint company called .CO Internet S.A.S formed by Colombian and US organisation... read more»

FAA Teams With IBM On Cybersecurity (from Information Week at 31-3-2010) The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday. The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform realtime analytics on heavy throughput data streams of up to millions of events or messages per second.... read more»

Organizations Rarely Report Breaches to Law Enforcement (from Dark Reading at 31-3-2010) Most organizations hit by breaches that don't require public disclosure don't call in law enforcement -- they consider it an exposure risk, with little chance of their gaining any intelligence from investigators about the attack, anyway. FBI director Robert Mueller has acknowledged this dilemma facing organizations that get hacked, noting in a speech at the RSA Conference last month that disclosing breaches to the FBI is the exception and not the rule today. But the FBI will protect victim or... read more»

Email in a world of social networking (from windowsteamblog at 31-3-2010) On the Windows Live Hotmail team, we spend a lot of time talking to people about email. It’s one of the ways we figure out what people want, what their pain points are, and what we can build that might delight them. Even though we’re the most widely used email service in the world with over 369 million people actively using Hotmail, and have been providing the Hotmail service to consumers since 1997, and even though we work closely with the Microsoft Exchange folks who have been providing ema... read more»

Your internet policy sucks, US tells Aussies (from The Register at 31-3-2010) Critics of the Australia’s proposed internet filtering scheme just keep on coming. This week, it's the turn of one of Australia’s biggest and most formidable allies, the United States, to put the boot into a scheme that would turn Australia into the free world’s strictest regulator of internet content. This follows objections raised last week by those well-known purveyors of internet smut, Google and Yahoo, and before that by Reporters sans Frontieres (RSF), a French campaigning group dedicat... read more»

ITS delays switch to Gmail (from yaledailynews at 31-3-2010) The changeover to Google as Yale’s e-mail provider has been put on hold. Information Technology Services has decided to postpone the University’s move from the Horde Webmail service to Google Apps for Education, a suite of communication and collaboration tools for universities, pending a University-wide review process to seek input from faculty and students. After a series of meetings with faculty and administrators in February, ITS officials decided to put the move on hold, Deputy Provost f... read more»

Yahoo! sidesteps report of China hack of journalists' email (from Yahoo at 31-3-2010) Yahoo! on Tuesday sidestepped a report that hackers had broken into email accounts of foreign journalists in China. "Yahoo! condemns all cyberattacks regardless of origin or purpose," a spokesperson for the US Internet firm said in response to an AFP inquiry. "We are committed to protecting user security and privacy and we take appropriate action in the event of any kind of breach."The spokesperson declined to confirm, deny or comment on specific incidents. The hacking report came less than t... read more»

Weak passwords stored in browsers make hackers happy (from The Register at 31-3-2010) Nearly a quarter of people (23 per cent) polled in a survey by Symantec use their browser to keep tabs on their passwords. A survey of 400 surfers by Symantec also found that 60 per cent fail to change their passwords regularly. Further violating the 'passwords should be treated like toothbrushes' maxim (changed frequently and not shared), the pollsters also found that a quarter of people have given their passwords to their spouse, while one in 10 people have given their password to a ‘friend... read more»

Vulnerability Metrics Webinar (from GoToMeeting at 31-3-2010) Tenable CEO Ron Gula will discuss how different types of vulnerability metrics can be used to understand how they impact your network security. Topics include trending vulnerabilities, considering vulnerability ages, comparing patch audits vs. uncredentialed scans, how often scans should be conducted, risk scoring systems and much more. Webinar attendees will learn many different ways to visualize and report on a wide variety of vulnerability metrics.... read more»

SEO poisoning attacks are likely to gain steam this year (from SecurityPark at 31-3-2010) A malicious SEO poisoning attack, also known as a Blackhat SEO attack, occurs when hackers manipulate search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites. Search engine optimization (SEO) poisoning is an increasingly popular method of attack for cybercriminals and one that shows they are using more sophist... read more»

Cyber-Security will Soon be a Priority for the Masses- Not Just Us IT Geeks (from GTRA at 31-3-2010) As we continue to expand on “anytime/anywhere” access to information (much of it personal), more and more people are become aware of the sheer scope and transformative power that interconnected applications and various types of information sharing can have on their lives; both in good ways and bad. Although it seems far away, I predict that in the near future issues like ‘cyber security’, ‘IT risk management’, and ‘identity management’ will become engrained in the average person’s everyday p... read more»

Microsoft teams with Google in name of privacy (from The Register at 31-3-2010) Search rivals Microsoft and Google have joined a coalition to simplify and clarify US law to protect the online privacy of netizens from government snooping. The companies have teamed with more than 20 other technology providers and lobby groups from the right and left of US politics to update a US privacy law that's being applied to peoples' internet communications, but was written in 1986 - the year of big hair, Chernobyl, and the Challenger space-shuttle disaster, but most certainly not th... read more»

Gov't plans fingerprint passport bill (from ZDNet at 31-3-2010) The home secretary has revealed plans for primary legislation requiring passport applicants to be fingerprinted and enrolled on the National Identity Register. Alan Johnson said the move would convert the current small-scale identity card programme into a scheme eventually covering the vast majority of the population. In response to a question from his Conservative shadow Chris Grayling, Johnson said: "The provisions of the Identity Cards Act 2006 will be amended by further primary legisla... read more»

Consumers warned about smartphone data loss (from TechWorld at 31-3-2010) The iPhone and the Blackberry is as big a threat to personal data security as the home PC, a new government-backed campaign plans to tell people. According to the UK-based GetsafeOnline.org, consumers are storing personal data on smartphones without thinking through the consequences should that device get lost or stolen. The organisation's research shows that about one in five owners of smartphone devices can expect to lose or have them stolen them at some point, with a growing number packed... read more»

Technical error hits Google China (from BBC at 31-3-2010) Google has said that a problem that meant that Chinese users of its service were unable to access search results on 30 March was due to a technical error. Many reports had speculated that the block may have been put in place by the Chinese government. Earlier this month Google stopped censoring its search results in China in defiance of the government. The company now redirects Chinese users to the uncensored pages of its Hong Kong website. A spokesperson for the firm said that "lots of users... read more»

ISAlliance/ANSI Report: The Financial Management of Cyber Risk (from infosecisland at 31-3-2010) According to the White House Cyberspace Policy Review (CSPR), between 2008 and 2009 American business losses due to cyber attacks had grown to more than $1 trillion of intellectual property - a staggering figure that impacts not only American business, but also our national security, which is dependent upon a robust and secure information infrastructure. In the CSPR report, President Obama asked for a program that would help assign a monetary value to cyber risks and consequences, giving orga... read more»

Azerbaijan: DOTCOM arrives in Baku (from hostexploit at 31-3-2010) Late last night, American participants of the U.S. State Department sponsored DOTCOM project to bring Armenian, Azerbaijani and American teenagers together to create socially conscious media arrived in Baku, Azerbaijan, ahead of the Social Media for Social Change conference to be held on 9-10 April in Tbilisi, Georgia.... read more»

Project EVE Allows New Zealand Police To Speed Processing Of Computer-Based Evidence (from hostexploit at 31-3-2010) A new technology is changing the way computer-based evidence is identified. Launched in August 2009, Project EVE has enabled the New Zealand Police Force to process evidence from electronic devices far quicker than they had been able to previously. EVE, which stands for the Environment for Virtualized Evidence, is an automated software system that allows police officers to analyze an electronic device for evidence by creating a clone of it and downloading its data to a network which officers ... read more»

Burglary leads to loss of data about 9,000 children (from itpro at 31-3-2010) Barnet Council has admitted losing data on 9,000 children after an employee was burgled at home. The London Borough Council has written to residents affected by the loss, namely year 11 pupils who attended any school in Barnet from 2006 to 2009. The data was lost earlier this month after a member of staff at the council took CDs, USB sticks and a computer home, which were then stolen by a burglar.... read more»

Cyber war: Modern warfare 2.0 (from hostexploit at 31-3-2010) Anyone with an interest in technology and politics would need to be living in a cave not to have noticed an alarming increase in Cyber war rhetoric of late. On one hand we have the House of Lords claiming the 'electronic defenses' of the UK would survive a cyber attack, and on the other Baroness Neville-Jones, Shadow Security Minister and National Security Adviser to David Cameron, telling us "neither the government nor the private sector can completely control or protect the country's inform... read more»

Constantly Changing Threats Challenge Cybersecurity Pros (from hostexploit at 31-3-2010) Cybersecurity, a system of protecting data, computer networks and computers from intrusion, data theft and hijacking, is a moving target that changes moment by moment, while at the same time the medium and the way it is used by individuals and businesses evolves. With business computing moving more and more online, whether through social media marketing, e-commerce or using Internet-based cloud computing resources, ranging from Google documents to distant servers, protecting systems from vand... read more»

Google leads call to change privacy law in US (from FT at 31-3-2010) An unlikely coalition of technology companies and campaign groups is calling for an overhaul of digital privacy laws in the US, a move it says would better safeguard businesses and individuals from the prying eyes of the government. The group, which includes Google, Microsoft, the American Civil Liberties Union and others, on Tuesday launched a campaign called Digital Due Process, which it described as “an effort to modernise surveillance laws for the internet age”.... read more»

Poland - Internet-based crime rising (from hostexploit at 31-3-2010) The Polish police have reported a sharp increase in crimes committed on the internet. According to figures obtained by Rzeczpospolita, internet-based crime increased from 4,200 reported cases in 2008 to 5,700 last year, a 36 percent rise year-on-year. In comparison, the total number of all reported crimes rose by only four percent last year. The latest rise in online crime appears especially sharp when compared to an increase of only 200 cases from 2007 to 2008.... read more»

Naked Intelligence 2010 - Washington DC (from nakedintelligence at 30-3-2010) TUESDAY, OCTOBER 12, 2010 11:30-12:00 PM TBD -Corporate Intelligence -Tyler Drumheller 12:00-12:30 PM Inside the U.S. Domestic Threat- The Lackawanna Six Case Study - Peter J Ahearn 2:00-3:00 PM Is Government Sponsored Intelligence Relevant in the 21st Century?- Ron Marks 3:30-4:00 PM Predictive Intelligence in an Open Source World- Andrew Chester 4:00-4:30 PM Intelligence Analyst, Knowledge Worker Model of the 21st Century? - Robert J Heibel 4:30- 5:00 PM Is intelligence bogge... read more»

Corruption in soccer on 'mafia-like scale', says reporter (from offshorealertconference at 30-3-2010) In a few months, soccer's FIFA World Cup will take place in South Africa. The month-long tournament is the biggest sports event in the world. It is also the most corrupt, according to British investigative reporter and film-maker Andrew Jennings. Yet, despite compelling evidence of illegal activity on a scale that you typically associate with organized crime, FIFA's bosses are feted by governments who claim to be against corruption, including the USA, and are allowed to launder their illegal... read more»

CEOs resigned to a data breach in the next 12 months says study (from Infosecurity-Magazine at 30-3-2010) Research just released has come up with the fascinating premise that a large majority of CEOs are resigned to the possibility of their organisations suffering a data breach of some type in the coming year. The study – sponsored by IBM and carried out by the Ponemon Institute – suggests that a radical rethink in the way businesses prioritise and plan their IT security strategies. The survey took in 115 responses from CEOs at UK businesses and, says IBM, looked to get an idea of how companie... read more»

Confidential social services data found on USB stick in Stoke-on-Trent (from Infosecurity-Magazine at 30-3-2010) Records from the city council's social services department have been found on an unencrypted USB stick in Hanley, Stoke-on-Trent. The stick was handed in by an IT consultant to the local newspaper, the Sentinel, on Friday, after he apparently found it lying on the pavement. According to the Sentinel newspaper, the social services records of foster carers, family court proceedings, parenting assessments, child custody arrangements and even the psychological history of children in care were inc... read more»

MI5 to let go of tech-averse staffers (from CNet at 30-3-2010) The United Kingdom's Security Service has introduced a redundancy program for staff who lack IT skills, according to the Intelligence and Security Committee's annual report. In the report, which was laid before parliament on March 18, Security Service Director General Jonathan Evans is quoted as saying the service--commonly known as MI5--was instituting voluntary and compulsory reduncancies--that is, layoffs--after a review of its staff profile.... read more»

Undersea Volcano Threatens Italy, Says Scientist (from FOXNews at 30-3-2010) Europe's largest undersea volcano could disintegrate and unleash a tsunami that would engulf southern Italy "at any time,” a prominent vulcanologist warned in an interview published Monday. The Marsili volcano, which is bursting with magma, has "fragile walls" that could collapse, Enzo Boschi told the leading daily Corriere della Sera.... read more»

Accused Online Predator Gets The Shock Of His Life (from amw at 30-3-2010) Lt. Don Whitehead leads the Computer Forensics Section of the Kokomo Police Department in Indiana. Throughout his shift, he trolls online chat rooms with the intent of finding child predators looking to pick up underage boys and girls. Though he doesn't spend all of his time at the computer, instant messages from potential predators pop onto Lt. Whitehead’s screen with an unsettling frequency whenever he signs into his account. Lt. Whitehead doesn't initiate a single conversation. Instead,... read more»

The 10 Riskiest Cities for Cyber-Crime (from Govtech at 30-3-2010) The threat of falling victim to cyber-crime is so ubiquitous today, and some of America's biggest cities are even more prone than elsewhere in the country, according to a well known producer of cyber-security software. Norton from Symantec, a popular antivirus provider, teamed up with the research organization Sperling BestPlaces to discern which cities were the riskiest hot spots for cyber-security, publishing the results March 22 in The Norton Top 10 Riskiest Online Cities report. The 50 ci... read more»

Downadup/Conficker One Year Later (from viewfromthebunker at 30-3-2010) This week is the one-year anniversary of the Downadup/Conficker threat’s April 1, 2009 “trigger” date. Although, Conficker did not turn into a widespread threat or cause the significant damage it had the potential to inflict, one year later, we know that those behind Downadup/Conficker still potentially have the keys to some 6.5 million of these computers. These computers have not been fixed by their owners, leaving them open to be victimized at any time by cybercriminals. While 6.5 million i... read more»

Dr Dan & Neo are back, hacked one more website (from newsaboutfrauds at 30-3-2010) Doctor Dan and Doctor Neo are back. The duo, who claimed to be a part of Pakistan Net Army (PNA) that defaced Taxila Business School website on March 23, have hacked one more website in the city on the intervening night of Thursday and Friday. The website that came under attack is Noorpaperarts.com. Cyber crime experts are of the opinion that there may be many such websites which had been defaced by these hackers. They have left obnoxious message on the website saying Hacked by your Fathe... read more»

Sen. Klobuchar Targets Online File Sharing Dangers (from Wcco at 30-3-2010) Sen. Amy Klobuchar has introduced a plan to keep online criminals away for your personal files. At a press conference at Best Buy in Richfield Monday, Klobuchar said a lot of people do not realize how risky peer-to-peer file sharing can be. Software programs such as LimeWire, BitTorrent, and uTorrent can actually put your personal documents on the Internet.... read more»

US student loans guarantor confirms data loss of records of 3.3 million people with names, addresses and Social Security numbers and dates of birth included (from scmagazineuk at 30-3-2010) The American equivalent of the student loan company has reported a data loss of records of 3.3 million people. The Educational Credit Management Corporation (ECMC), which guarantees federal student loans, reported on Friday that personal data on about 3.3 million people nationwide has been stolen from its headquarters in Minnesota. It reported that the data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information. ECMC... read more»

Beware of Emails from Google, Hallmark, Twitter: New wave of spam attacks spreading variants of Vundo and Buzus trojan (from freehacking at 30-3-2010) Be careful before opening emails from suspicious or unknown senders, as online security firm eScan has warned of malicious malware that are more potent that earlier variants. Security experts have said that the new variants are network aware and pose a great danger to corporate networks, as a single infection can lead to a network outbreak within an hour. eScan has warned against opening emails or attachments with subject lines such as, "You have received A Hallmark E-Card!", "Your friend inv... read more»

Bug off -- Find your bugs yourself, Pwn2Own winner tells Microsoft, Apple (from Itbusiness at 30-3-2010) The only researcher to "three-peat" at the Pwn2Own hacking contest said today that security is such a "broken record" that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software. Instead Charlie Miller will show the vendors how to find the bugs themselves. Miller, who yesterday exploited Safari on a MacBook Pro notebook running Snow Leopard to win $10,000 in the hacking challenge, said he's tired of the lack of progress in security.... read more»

Fraudsters Use Phishing Attacks to Hijack eBay Accounts (from AuctionBytes at 30-3-2010) A 20-year veteran of the military named Doug received an email on Thursday informing him that eBay had put a temporary hold on his selling account. The email instructed him to click on a link that led to eBay.com, where he verified his account. Ten minutes later, he received 29 email messages from shoppers asking questions about products that he had not put up for sale, including bicycles and exercise equipment. Doug learned he was a victim of a phishing scam - he had entered his eBay user na... read more»

Detecting Botnets with Network DLP (from Damballa at 30-3-2010) Data Leakage Prevention (DLP) solutions have attempted to occupy a niche area of security for a handful of years now. In general though they’ve been largely unsuccessful in carving out a unique portion of the information security landscape (and corresponding security spend). This doesn’t mean that DLP is a redundant technology, nor does it mean that some enterprise security teams haven’t invested in the technology – merely that pure-play vendors and products have struggled to differentiate t... read more»

JC Penney tried to block publication of data breach (from ComputerWorld at 30-3-2010) Retailer JC Penney fought to keep its name secret during court proceedings related to the largest breach of credit card data on record, according to documents unsealed on Monday. JC Penney was among the retailers targeted by Albert Gonzalez's ring of hackers, which managed to steal more than 130 million credit card numbers from payment processor Heartland Payment Systems and others. Gonzalez was sentenced to 20 years in prison on Friday in U.S. District Court for the District of Massachusetts... read more»

Updated: Major Nelson’s Xbox LIVE Account Hacked (from 411mania at 30-3-2010) Early this morning, Larry Hryb, Director of Programming for Xbox LIVE, had his LIVE profile hacked. As seen above, the hacker got into Hryb's, better known as Major Nelson, account and changed his bio info and speech bubble. The hacker has put other messages on Hryb's account as well. To see images of these and what his account originally had, check out the story Kotaku wrote. Shortly after the hack happened, the Web site Lightzz took credit for the hack, posting a video of it, along wi... read more»

More computer security needed, renowned computer hacker says at Cal Poly Pomona competition (from pasadenastarnews at 30-3-2010) In the cyber world, there are no boundaries. Threats are invisible and traditional means of law enforcement don't always work. Jeff Moss, founder of the DEF CON hacker conventions and an appointed member of the federal Homeland Security Advisory Council, spread this message to students Friday as the keynote speaker of the three-day Western Regional Cyber Defense Competition March 26-28 at Cal Poly Pomona. The competition featured dozens of students from eight colleges and universities - C... read more»

Close the Security Holes in your Firewalls! (from rootshell at 30-3-2010) Who is not protected by a firewall today? Nobody! Our Internet (as well as local) traffic is inspected by multiple firewall layers. They are present everywhere: on Internet gateways, in front of data-centers, between departments, even your workstation is running a firewall. For a few years, a new type of firewalls has emerged, called “Next Generation” firewalls. What’s the difference with classic ones? Roughly, new players are really filtering packets up to the 7th layer. Instead of old-fash... read more»

The Top Five Cyber Fallacies (from Forbes at 30-3-2010) Regardless of your position on the over-hyped and under-estimated realm of cyber conflict, crime, and espionage, you probably have a few pet fallacies. I thought it might be fun, and possibly instructive, to start a conversation about them. Here are my top five. Feel free to add yours in the comments section. The TSA Fallacy The Smoking Gun Fallacy The Cyber 9/11 Fallacy The China Fallacy The Maginot Line Fallacy... read more»

FISMA compliance reform act looks to monitor cybersecurity threats (from search compliance at 30-3-2010) Legislation introduced last week in the House of Representatives proposes to update the Federal Information Security Management Act (FISMA) of 2002, including the continuous monitoring of security threats based on government agency risk profiles. As with PCI DSS compliance, FISMA compliance has come under criticism for providing large amounts of paperwork that reflect controls, as opposed to the constant measurement of the risks posed by evolving cybersecurity threats.... read more»

Vulnerable to SQL Injection attack - Punjab Technical University (PTU),NIT Kurukshetra and Zee news Noida (from freehacking at 30-3-2010) Today morning I received an email regarding SQL injection vulnerability. The email was from PROHACK. Actually I have subscribed its news letter. Every thing was normal except one thing .and that was Punjab Technical University (PTU) is hackable very easily. WTF Its being almost more then 3 years and still any average hacker can login into the website. Where are the official authorities of PTU ? Still after 3 years the government is sleeping. I finally decided to post this article along with... read more»

IRS urging citizens to avoid ‘dirty dozen’ tax scams (from courier-gazette at 30-3-2010) The Internal Revenue Service recently issued its 2010 “dirty dozen” list of tax scams, including schemes involving return preparer fraud, hiding income offshore and phishing. “Taxpayers should be wary of anyone peddling scams that seem too good to be true,” IRS Commissioner Doug Shulman said. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.” Tax schemes are illegal an... read more»

Net news likely to stay free in NZ (from NZ Herald at 30-3-2010) Media magnate Rupert Murdoch has upped the ante over free news content on the web. Investors and media business analysts will be watching Murdoch's move to see if competitors will follow suit, leading to big changes in the free online model. But in this part of the world newspaper companies say the advertiser-funded model for news websites - such as APN News & Media's nzherald.co.nz and Fairfax's stuff.co.nz - is likely to remain.... read more»

China Largest Malware Distributor (from The New New internet at 30-3-2010) China is presently the largest distributor of malware, according to a new report released by Symantec. The U.S. is the leading malware distributor based on mail servers followed by China and Romania, with over 36 percent being distributed from U.S. based servers. However, a more in-depth look revealed that the users sending the malware are based in China. The report studied the ISP address of the user and found that over 28 percent of malware was distributed by Chinese based users. The United... read more»

Federal Cybersecurity Policy Muddles Along (from Military at 30-3-2010) Asked to define cybersecurity -- or what the U.S. ought to do about it -- the approximately 535 members of Congress would likely each provide different answers. The Pentagon, White House and other executive branch agencies have their own answers, too, and not even the country’s first cybersecurity czar, named by the president in late December, can evoke U.S. cybersecurity policy. Still, there is a growing consensus on one matter regarding cybersecurity: unified federal action is needed.... read more»

London's city workers ignorant of impending data security penalties (from Computer Weekly at 30-3-2010) Almost two-thirds of London's city workers are unaware that businesses can be fined up to £500,000 for serious data breaches after 6 April, a survey has revealed. The fines are part of new powers granted to the Information Commissioner's Office that were confirmed in January to help enforce UK data protection laws Some 65% of the 500 city workers polled by security firm Cyber-Ark Software said they have not been informed of the new fines for breaches of personal data.... read more»

Will SMS Bring You Free Vouchers? (from Symantec at 30-3-2010) Symantec Security Response has become aware of multiple reports from mainland China and Hong Kong of an SMS worm targeting the Symbian S60 platform. The worm is detected as SymbOS.Merogo .There are two main reasons that facilitated the threat to gain grounds. First, China has a strong user base of the S60 platform. Second, the majority of those handset users have not turned on revocation checking, which would have prevented the threat from installing. Essentially the threat spreads through so... read more»

Researchers tracking zombie computers (from theaustralian at 30-3-2010) CRIMINALS who hide in the internet's shadows to launch cyber attacks through legions of compromised computers, or zombies, may be caught by traceback tools being developed locally. At present, computer crime forensic analysts can only track individual attacks back to the usually vast network of zombies herded together into a botnet for the purpose by an unknown malicious controller.... read more»

Serbia Marks End of .YU Internet Domain (from balkaninsight at 30-3-2010) After years of being alive on the web, Yugoslavia will disappear from the online world tomorrow when its ".yu" domain name officially expires on Tuesday at noon. The Serbian National Register of Internet Domain Names, RNIDS, has announced that the move to terminate the name came after a decision of the Internet Corporation for Assigned Names and Numbers, ICANN.... read more»

Erotic trojan keelhauls Japanese pirates (from The Register at 30-3-2010) Some Japanese aficionados of the "visual novel" who decided they'd really rather not pay to enjoy interactive erotic romp Cross Days ended up with their personal info splashed across the internet, TorrentFreak reports. The recently-released novel in question quickly popped up on filesharing sites for those who like their bangs without the bucks. One version, however, features an installer which snaffles personal info from the user's computer, grabs a quick screen shot and publishes the whole ... read more»

Elite intelligence unit to 'take down' crime lords (from BBC at 30-3-2010) An elite unit aimed at tackling organised crime, human trafficking and serious fraud has been officially opened by the justice secretary. Kenny MacAskill said the Scottish Intelligence Co-ordination Unit (SICU) would gather information about top gangsters in a bid to "take them down." It is part of the Scottish Crime and Drug Enforcement Agency (SCDEA). The unit will be housed in Livingston until the new Scottish Crime Campus at Gartcosh, Lanarkshire, opens in 2012. It was created to act as t... read more»

Google sees Hong Kong traffic jump (from IT Pro at 30-3-2010) Traffic to Google's Hong Kong servers has jumped since the web firm redirected its traffic there to avoid Chinese censorship rules. Last week, Google announced it had started redirecting its Google.cn site to its Hong Kong version, so it could stop censoring search, as part of an ongoing battle with the Chinese government. Since then, the traffic the Hong Kong site sees has jumped from virtually nothing to three per cent of Google's global traffic, suggesting Chinese users are still looking t... read more»

Tech coalition pushes rewrite of online privacy law (from CNet at 30-3-2010) A broad coalition of companies including Google, Microsoft, and AT&T, joined by liberal and conservative advocacy groups, will announce a major push Tuesday to update federal privacy laws to protect mobile and cloud computing users, CNET has learned. They hope to convince the U.S. Congress to update a 1986 law--written in the pre-Internet era of telephone modems and the black-and-white Macintosh Plus--to sweep in location privacy and documents stored on the Web through services like Google D... read more»

Court papers identify JC Penney as hacking victim (from Yahoo at 30-3-2010) JC Penney Co Inc was one of the victims of notorious computer hacker Albert Gonzalez, according to unsealed documents made available on Monday by a federal judge in Boston. Penney, which during Gonzalez' trial had asked the U.S. District Court for the District of Massachusetts to bar the government from disclosing its identity, was revealed in the documents to be the company that had been known throughout the trial as "Company A."... read more»

Child safety tsar demands faster action (from The Register at 30-3-2010) The UK may be a world leader when it comes to internet safety – but it needs to do more - that was today’s verdict from Professor Tanya Byron – author of the government’s current policy on the internet, Safer Children in a Digital World. Byron confirmed that the UK is the world leader in child internet safety but advised that government and industry need to make faster progress if the UK is to stay ahead of advances in technology.... read more»

US lawmakers ask for FTC investigation of Google Buzz (from Computer World at 30-3-2010) Eleven U.S. lawmakers have asked the U.S. Federal Trade Commission to investigate Google's launch of its Buzz social-networking product for breaches of consumer privacy. The representatives -- six Democrats and five Republicans from the House Energy and Commerce Committee -- noted in their letter that Google's roll-out of Buzz exposed private information of users to Google's Gmail service to outsiders. In one case, a 9-year-old girl accidentally shared her contact list in Gmail with a person ... read more»

A quarter of underage children have social networking profiles (from The Register at 30-3-2010) One in four underage children have profiles on social networking sites, according to research by media regulator Ofcom. The survey found that 25 per cent of eight to 12-year-olds surveyed have a social networking profile. Children under 13 are not allowed to have a profile on the major platforms, including Facebook, Bebo and MySpace, under those sites' terms of use.The under-age users of the social networking sites, though, appear to be privacy-literate and aware of the potential dangers of h... read more»

Problem 6: Burned Out Yet? (from CSOonline at 30-3-2010) “I love my job!” Can you say that? Honestly? Or, maybe we should take off the exclamation point and change a few words around. How about: “My job is pretty cool, and I like being a security pro on most days. The pay is decent.” There are two different aspects to this topic that I’d like to discuss. First, security professionals will likely experience exhaustion at various times throughout the year. Like firefighters after a major fire, hard work with little rest will require some extra time... read more»

FISMA: A good idea whose time never came (from Government Computer News at 30-3-2010) A funny thing happened with the Federal Information Security Management Act of 2002. Critics complain that the law has created a “culture of compliance” in which administrators focus on paperwork rather than results. But in spite of this culture, agencies have not achieved real security. “An underlying cause for information security weaknesses identified at federal agencies is that [the agencies] have not yet fully or effectively implemented key elements of an agencywide information security ... read more»

Ukrainian hacker liable in SEC insider trading case (from Reuters at 30-3-2010) A Ukrainian national who traded on insider information he obtained by hacking into a secure computer network was ordered by a U.S. judge to forfeit $580,000 in profits, interest and civil penalties, U.S. securities regulators said on Monday. The U.S. Securities and Exchange Commission had accused Oleksandr Dorozhko of gaining access to material nonpublic information about IMS Health Inc's third-quarter 2007 earnings by infiltrating the computer network of Thomson Financial. IMS had planned to... read more»

Western Australian Government websites defaced by hackers (from Computer World at 30-3-2010) The Western Australian Government came under attack from hackers who defaced nine of its websites in two days, including the Government House and the City of Perth earlier this month. The defacements were commonly SQL injection attacks, a kind of attack that is considered by many to be a low-level threat. But the attacks follow the discovery of prolific web and application vulnerablilities in a scathing report into lax security standards of Western Australian hospitals and government depar... read more»

Hosting Ukraine Burnt Out | HostExploit (from rbnexploit at 30-3-2010) Hosting UA in Odessa one of the main data centers and hosts in Ukraine is offline, due to a major fire. AS41665 HOSTING-AS National Hosting Provider, UAwith 144,384 IP addresses and was # 4 on the HostExploit Bad Hosts Report in December 2009 out of 34,000 ASNs (autonomous servers / hosts) compared for serving badness on the Internet. Although in the forthcoming HostExploit Top Bad Host report – Hosting Ua had demonstrated some improvement over the first quarter 2010, see forthcomingHostExplo... read more»

Cyber criminals change tactics (from The Age - Australia at 30-3-2010) Mass indiscriminate computer attacks are giving way to highly targeted individual attempts in a new wave of professional cyber crime, experts say. Right now millions of computers are being targeted all over the world. At one point last week, home computers and telecommunications companies were the two user groups most under threat worldwide. In Australia alone, 2.95 million attacks have been detected, originating mainly from Canada, the US and China.... read more»

Government goes to war with Google over net censorship (from The Age - Australia at 30-3-2010) The Communications Minister, Stephen Conroy, has launched a stinging attack on Google and its credibility in response to the search giant's campaign against the government's internet filtering policy. In an interview on ABC Radio last night, Senator Conroy also said he was unaware of complaints the Obama administration said it had raised with the government over the policy.The government intends to introduce legislation within weeks forcing all ISPs to block a blacklist of "refused classifica... read more»

MS coughs to Hotmail block (from The Register at 30-3-2010) Microsoft has apologised to its UK Hotmail users after some of the software vendor's IP addresses were embarrassingly blocked due to spamming. "Microsoft is dedicated to providing the most trusted and protected consumer experience on the web," said a Redmond spokesman. "We worked closely with Trend Micro to fix the issue and the service has now been restored for all customers. We sincerely apologise for any inconvenience and disruption this may have caused our customers." Universities around ... read more»

Scams Increase During U.S. Tax Season (from avertlabs at 30-3-2010) Scams based on the United States Internal Revenue Service requirements increase every year during tax season. It’s common to see online threats and tactics in which identity thieves and hackers try to convince taxpayers to reveal their personal and financial information. This year is no exception. Researchers at McAfee Labs continuously monitor threats to best protect our customers. We have identified a cluster of fake IRS URLs.... read more»

Student Loan Records Stolen from Non-Profit Company (from Softpedia at 30-3-2010) A portable media device, stolen one week ago from a company specializing in student loan bankruptcy services, contained personal identifiable information on over 3.3 million borrowers. The organization will notify the affected individuals and will offer them free credit protection services. The theft occurred from the offices of Educational Credit Management Corporation (ECMC), one of the top guaranty agencies in the U.S., which is also Department of Education's designated provider for studen... read more»

Cybercrime and Hacktivism in the Headlines (from avertlabs at 30-3-2010) All over the world, individuals and many organized crime and mafia groups have found that the Internet can help them make a lot of money. Others are motivated by ideology: Manipulated by or acting in accordance with an ethos, they conduct illegal activities against institutions or individuals they consider the “enemy.” Far removed from the isolated individuals acting simply irresponsibly or for amusement, these two groups constitute the double threat we know today as cybercrime and hacktivism.... read more»

BT hijacks business browsers (from The Register at 30-3-2010) BT is annoying business broadband customers by hijacking their browsers to nag them to download a branded desktop utility. The firm has decided it simply must tell subscribers about "Desktop Help", which it says allows it to fix users' technical problems remotely. To that end, it is redirecting HTTP requests to its own marketing page, "as when trialled it did allow us to successfully communicate the availability of Desktop Help to a large number of customers" Unsurprisingly, many BT Busine... read more»

To Protect the U.S. Against Cyberwar, Best Defense Is a Good Offense (from US News at 30-3-2010) James Lewis is a senior fellow and program director at the Center for Strategic and International Studies. Start with some definitions: Cyberwar is the use of attacks in cyberspace to erode an opponent's will and capabilities to resist. Cyber terrorism is the use of attacks in cyberspace to create fear and horror in the target population to achieve some political end. We have seen neither, though there have been many successful exploits by our opponents in cyberspace and much damage to our se... read more»

Cyberwar Rhetoric Is Scarier Than Threat of Foreign Attack (from US News at 30-3-2010) Marcus Ranum is an expert on security system design and chief security officer for Tenable Network Security. I've worked on information security for more than 20 years, and during that time, there hasn't been a year that has gone by without news like "hacker breaks into Department of Defense computer networks " or "industrial spies access high-tech plans." Suddenly, the steady drumbeat of computer/network security has been pushed to center stage, and now our government is talking about "cybe... read more»

Netregistry pulls out of China business (from Computer World at 30-3-2010) One of Australia’s most prominent domain name registrars has joined the world’s largest, GoDaddy.com, in ceasing to offer .cn services because of new regulatory obligations imposed by Chinese authorities. Netregistry chief executive officer, Larry Bloch, said the new requirements made offering the Chinese domain name extension service “untenable”. Previously, those looking to register a .cn domain name extension only had to provide a name, address and email, similar to .com services.... read more»

My Top 5 Cyber Fallacies (from intelfusion at 30-3-2010) Regardless of your position on the over-hyped and under-estimated realm of cyber conflict, crime, and espionage, you probably have a few pet fallacies. I thought it might be fun, and possibly instructive, to start a conversation about them. The TSA fallacy The TSA approach to airline security has been completely reactive because they focus on the method of attack (e.g., liquids, shoes, underwear) instead of the person. Likewise, Internet security companies focus on the technical characteri... read more»

Domain name security isn't easy (from hostexploit at 30-3-2010) Deploying Domain Name System Security Extensions isn’t easy. Federal managers who are responsible for implementing DNSSEC should take steps to make the process as painless as possible, panelists said at the FOSE 2010 trade show in Washington, D.C. “Start now, take baby steps and test, test, test,” advised Dan Malkovich, a systems engineer at Secure64 of Greenwood Village, Colo. Malkovich was one of a group of industry officials at a March 24 FOSE session who identified lessons learned from... read more»

Hacking to top of spy world (from hostexploit at 30-3-2010) The firm traced 12 billion emails in a study that showed a higher number of targeted attacks on computers come from China than previously thought. Researchers at Symantec found almost 30 per cent of malicious emails were sent from China and 21.3 per cent came from the city of Shaoxing. They said key targets for the hackers were experts in Asian defence policy and human rights activists, suggesting state involvement.... read more»

Lawsuit-threatening spam campaign links to malware (from hostexploit at 30-3-2010) A bevy of emails purportedly coming from New York-based law firms Crosby & Higgins, and Marcus Law Center has been hitting inboxes around the world, CA com www.community.ca. warns. With the fear-inducing subject line of "Lawsuit initiated against you", the email contains the following message (with minimal variations from email to email).... read more»

Malware that overwrites software updaters poses problems (from hostexploit at 30-3-2010) Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, has written about a potential new problem vector. In a blog entry on the BKIS site, the analyst showed how a Malware infection overwrote the Adobe automatic updater program with itself in an attempt to mask its presence.... read more»

A Russian Strategist's Take On Information Warfare (from DarkReading at 29-3-2010) Today I'd like to introduce you to one of the main thinkers on information warfare, who most of you never heard of. S.P. Rastorguev. He is a Russian strategist who unfortunately, as far as I can find, hasn't been translated. He wrote several books, but the one I will be speaking of is called literally Information Warfare. In it, he discusses the human animal and how viruses of the mind can work just as well as viruses in computer systems, exploring many models of exploitation. While he cov... read more»

Foreign Policy: Africa's Internet Threat (from NPR at 29-3-2010) Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a "botnet" — the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming — straight out of Africa.... read more»

Phone companies don't protect against fraud (from news-press at 29-3-2010) I once got a $4,000 phone bill because our exchange student called his girlfriend in Ghana every afternoon before I got home from work. Until recently, this held the record for the biggest phone bill I'd ever heard of. Then I got a call from Karen Annunziato, office manager for Dr. Alexandra Konowal in Estero, whose phone bill was $142,660. One weekend last November, someone hacked into the office phone and made long-distance calls on the doctor's lines.... read more»

Online theft of $100K from N.J. town brings focus on rise of cyber scams during tough economy (from NJ at 29-3-2010) The signs seem to sprout overnight on telephone poles and along roadsides, offering upward of $500 a week to work from home. Such solicitations have long been used by scam artists trying to lure desperate souls into sending away cash for jobs that never materialize. But in a growing number of cases, authorities say they serve a more insidious end. According to the FBI, those work-from-home signs are increasingly being used to recruit "money mules" paid to illegally wire stolen cash oversea... read more»

A High Tech Synergy to Managing the Cyber-sex Offender (from corrections at 29-3-2010) It is no secret that convicted sex offenders are increasing being found online, particularly on social networking sites. In February of 2009, MySpace had reportedly removed 90,000 sex offenders from its site since 2007. (Wortham, 2009) At the end of 2009 New York’s Electronic Securing and Targeting of Online Predators Act (e-STOP) resulted in the removal of 11,721 profiles associated with 4,336 dangerous sexual predators registered in New York. (WIVB.com, 2010) Community corrections officers... read more»

Microsoft Security Bulletin Advance Notification for March 2010 (from Microsoft at 29-3-2010) This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks. Executive Summaries : This advance notification provides a descriptive name as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not iss... read more»

Hackers invade cell phone: A Hawaii Kai man's bill hits $5,000 for unauthorized calls after he answers a call from a phone number he did not know (from freehacking at 29-3-2010) Hawaii residents apparently are falling victim to a scam triggered simply by answering their mobile phones. Callers then hack into mobile phones and use the phone number to make long-distance calls and possibly gain access to other information. "It's crazy. ... Now, with all these smart phones ... everybody has to be careful," said Hawaii Kai resident Kaulana Chang. Chang has one piece of advice after his experience: Use caller identification and don't answer unless you know the telepho... read more»

Company says 3.3M student loan records stolen (from ComputerWorld at 29-3-2010) Data on 3.3 million borrowers was stolen from a nonprofit company that helps with student loan financing. The theft occurred on March 20 or 21 from the headquarters of Educational Credit Management Corp. (ECMC), which services loans when student borrowers enter bankruptcy. The data was contained on portable media, said the organization, which is a dedicated guaranty agency for Virginia, Oregon and Connecticut. The data included names, addresses, birth dates and Social Security numbers but ... read more»

Hackers target job hunters (from straitstimes at 29-3-2010) The latest twist in 'identity theft' scams? The online hackers want your curriculum vitae (CV). Scammers have so far mostly stolen bank account information and passwords by tricking victims into clicking on a link in an e-mail message purportedly sent by, say, a bank. This is called 'phishing'. Here, at least one organisation - the Civil Aviation Authority of Singapore (CAAS) - has had to alert job seekers about how scammers are using its name to phish for CVs.... read more»

Following EPIC FOIA Request, Homeland Security Releases Privacy Study of Cybersecurity Project (from EPIC at 29-3-2010) The Department of Homeland Security (DHS) Privacy Office has released an unclassified version of the Privacy Impact Assessment (PIA) for the Initiative Three Exercise, a pilot exercise for the classified cybersecurity tool known as "EINSTEIN 3." EINSTEIN 3 is the next generation of the U.S. Computer Emergency Readiness Team's intrusion detection and prevention system for the federal government, which will involve active monitoring of all network traffic to and from federal agencies. DHS has n... read more»

NCAA and Butler targeted by criminals after winning weekend (from the tech herald at 29-3-2010) Here in Indianapolis, the big news this weekend was the 63-56 win for Butler University over Kansas State, earning Butler a hometown appearance in the NCAA Final Four. At the same time, fans of both the Butler Bulldogs and the NCAA as a whole were quickly targeted by criminals pushing Rogue anti-Virus software. Rogue anti-Virus applications are becoming more common online as criminals use affiliate programs to make money off their installations, and one of the top methods to do this is to hij... read more»

Facing up to Facebook - the realities of internet usage in the workplace (from nzherald at 29-3-2010) Facebook has hit the news at least twice this week. These stories serve as clear reminders, to employers and employees, of the perils of internet and email usage in the workplace. Now I'm not talking about John Key 'de-friending' people, which hit the news last Monday. No, this week's topic is about the ability to use Facebook as a mechanism for terminating employment, and a reminder to employees, and indeed potential employees, that big brother may be watching...... read more»

The International Secure Systems Development Conference - London 20-21st May 2010, Westminster Conference Centre (from issdconference at 29-3-2010) The International Secure Systems Development Conference addresses the key issues around designing-in security for standard and web-based software and systems, both in terms of developing new applications securely and also in adding security to legacy applications. The aim of the event is to help change the balance away from a repeated and ever more costly focus on securing ever more insecure infrastructures, to one which focuses on the creation of inherently secure systems through the introducti... read more»

The Mighty Fall at Pwn2Own (from TechNewsWorld at 29-3-2010) Three security experts tore into three Web browsers on Wednesday, the first day of the CanSecWest security conference in Vancouver, exposing flaws on a MacBook, iPhone and Windows PC, and winning cash and hardware in the process. Network security provider TippingPoint's Zero Day Initiative organized its contest to enable Apple and other companies to plug holes in their popular products and protect the data of their customers.... read more»

Google to produce internet guide … in a leaflet (from Guardian at 29-3-2010) Google, one of the world's most prominent evangelists for all things digital, has turned to one of the most traditional of old media routes to try to persuade more British people to go online: it is printing a leaflet. The Simple Guide to the Internet is part of the search engine group's commitment to Race Online 2012, an initiative started by the UK government's digital inclusion champion, Martha Lane Fox. The co-founder of Lastminute.com and the entrepreneur behind a growing Lucky Voice kar... read more»

Diploma mills keep churning out bogus degrees churning (from Star-Telegram at 29-3-2010) For only $963, anyone can get a high school diploma, an associate degree and a bachelor's degree based solely on "life experience." The problem? All three degrees are fake. With 53 diploma mills -- organizations that issue bogus degrees -- Texas ranks fifth in the United States, according to the British company Verifile, which tracks diploma mills. California tops the country with 134 companies, followed by Hawaii, Washington and Florida. Some mills issue medical and other degrees that ... read more»

Are GCHQ workers badly dressed? (from thisisgloucestershire at 29-3-2010) A leading journalist has said workers at Gloucestershire’s GCHQ site are viewed as “geeks” by other security agencies. BBC correspondent Gordon Carrera was writing in The Sunday Times ahead of a radio documentary on the listening post, to be broadcast tomorrow. He wrote: “GCHQ has long worked closely with MI6, and relationships with MI5 have become closer recently. Both agencies joke about GCHQ’s alleged lack of dress sense.”... read more»

Cops probe possible link with hacking (from expressbuzz at 29-3-2010) A day after the Chief Minister’s Office received an e-mail threat, the second in the last three months, the cyber cops are looking into an possible link with hacking of the Orissa Government official website. The official website was hacked on March 12. Originally hosted on NIC servers, the website has been moved out ever since. Saturday’s mail was sent from plga@orissa.gov.in. PLGA is abbreviated form of People’s Liberation Guerilla Army. The use of orissa.gov.in implies that the server, ... read more»

MSI tells 97,000 customers to 'Read The F***ing Manual' (from The Register at 29-3-2010) Late last week, global hardware manufacturer MSI informed the 97,000+ people registered with its support forums that its reps were "fed up" with repeating information easily found in user manuals. The company even went so far as to say that it had installed an "RTFM" chip on its hardware boards to determine whether users had read their manuals and that anyone who hadn't read them would be banned from support. For the uninitiated, RTFM is a widely recognized acronym for "Read The Fucking Manua... read more»

CanSecWest 2010 day 2 summary (from Sophos at 29-3-2010) The second day of CanSecWest was a beautiful day in Vancouver. The day was full of information-packed sessions and anticipation for the evening dinner party reception. "SEH overwrite and its exploitability - Shuichiro Suzuki" Shuichiro, who works for Forteenforty, demonstrated methods to bypass DEP using the Structured Exception handler in Windows. Julien and Tavis of Google shared with us the research they have been doing into kernel vulnerabilities. They were unable to share full detail... read more»

Arrests on the Rise (from garwarner at 29-3-2010) * Russia: Safe Haven no more? Russia has quietly arrested several suspects in one of the world's biggest cyberbank thefts, raising hopes of a previously unseen level of official co-operation in a country that has been a haven for criminals. * Your Federal Friends on Facebook? According to The Register, authorities used intelligence gathered from his Facebook page to identify his location and successfully make the arrest.... read more»