Wednesday, June 23, 2010

Internet (Lack of) Security News through 6/23



This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.
 Rogue tax workers snooped on ex-spouses, family members 
 (from TheStar at 23-6-2010) 
 Dozens of workers at Canada’s tax agency have been caught snooping on their ex-spouses, mothers-in-law, creditors and others by reading confidential tax files. Internal reports at the Canada Revenue Agency show that rogue employees are improperly reviewing the private financial affairs of taxpayers without their knowledge. And some are using agency computers to give favoured treatment to colleagues, friends, family — and themselves.... read more» 
   
 
 FBI Finds Suspects In Half Of Leak Cases 
 (from informationweek at 23-6-2010) 
 The FBI has identified suspects in just over 50% of its investigations of classified U.S. intelligence leaks over the past five years. In a Department of Justice letter posted by the Federation of American Scientists’ Secrecy News, the FBI describes its process for handling intelligence leak cases in response to questions posed by Senator Sheldon Whitehouse (D-RI). The information on classified intelligence leaks was provided to Congress on April 8, 2010 and published this month in the rec... read more» 
   
 
 Structure 2010 - The Year of the Cloud - Annual cloud-focused conference June 23–24, 2010 
 (from Gigaom at 23-6-2010) 
 Structure is back for its third year, and as the industry has grown, so have we! Structure 2010 introduces a two-day format to accommodate demand for more content and networking time. Join us June 23–24, 2010, in San Francisco, as we shape the future of the cloud industry. Cloud computing has caught the technology world’s imagination. At Structure 2010, we celebrate cloud computing and recognize that it is just one part of the fabric that makes up the global compute infrastructure we rely on ... read more» 
   
 
 How cybercrooks could cash in on your Facebook data 
 (from Itbusiness at 23-6-2010) 
 The gargantuan amount of high-quality user data on Facebook is causing everyone--from marketers to hackers--to salivate like dogs gazing at a steak. They all want a piece of you. Thanks to Facebook's Open Graph API (which simplifies the development of third-party applications that interoperate with the social networking site) and social plug-ins (which essentially splash Facebook's "Like" button all over the Internet), people who are interested in your data are getting a chance at a much choi... read more» 
   
 
 Budget cuts need not compromise IT security 
 (from ComputerWeekly at 23-6-2010) 
 The coalition government's tough first budget could have a negative impact on cyber security, with IT budgets coming under additional pressure. IT budgets will be hit by an additional 2.5% tax on all IT services and goods, with chancellor of the exchequer George Osborne raising VAT to 20%. IT spending in government departments will undoubtedly come under pressure with planned spending cuts of £17bn by 2015.... read more» 
   
 
 Travelers, be wary of 'data passing' online 
 (from The Washington Post at 23-6-2010) 
 Kathy Agosta calls it a "blatant ambush of personal credit card information." But it's far from clear who was doing the ambushing. Agosta, a fundraiser for a nonprofit organization in Ann Arbor, Mich., had just booked a flight from Detroit to Barcelona on Travelocity, when a "$20 cash back" offer flickered across her computer screen.... read more» 
   
 
 Aussies: Get a virus, no Web for you! 
 (from Yahoo News at 23-6-2010) 
 How do you deal with an epidemic like the spread of computer malware? Australia thinks it has the answer: Blame the victim. I’m not entirely joking: A new plan floated by the country’s House of Representatives Standing Committee on Communications suggests that Australia should allow ISPs to mandate anti-virus and firewall protection among their customers. If a customer does get a malware infection, the ISP would be allowed to cut off that customer’s connection until the problem was fixed.... read more» 
   
 
 Calif man accused of extortion through hacking 
 (from Yahoo News at 23-6-2010) 
 A hacker took over more than 100 computers and used them to extort sxxually explicit videos from women and teenage girls by threatening to release their personal data, federal prosecutors charged Tuesday. Luis Mijangos, 31, of Santa Ana, was arrested at his home by FBI agents on a charge of extortion that carries a maximum federal prison sentence of two years, according to a statement from the U.S. attorney's office.... read more» 
   
 
 Researcher 'Fingerprints' The Bad Guys Behind The Malware 
 (from DarkReading at 23-6-2010) 
 Malware writers actually leave behind a telling trail of clues that can help identify their native tongue, their geographic location, their ties to other attacks -- and, in some cases, lead law enforcement to their true identities. A researcher at Black Hat USA next month plans to give away a homemade tool that helps organizations glean this type of intelligence about the actual attacker behind the malware.... read more» 
   
 
 OWASP New Zealand Day 2010 
 (from Owasp at 23-6-2010) 
 The OWASP New Zealand Chapter decided to organise the OWASP New Zealand Day 2010. The event will be held on the 15th July 2010 in Auckland. For those people who missed the first OWASP New Zealand Day, this is a national security conference entirely dedicated to web application security. The intent of the conference is to promote and raise web application security awareness in New Zealand. IT professionals, including security professionals, developers, managers and students are invited to parteci... read more» 
   
 
 Botnets Will Dominate Cyberattacks Through 2013: Gartner 
 (from eSecurity Planet at 23-6-2010) 
 The past year has been replete with dramatic headlines documenting cyberattacks against high-profile targets, including Google and the Defense Department, but the basic method of delivering those exploits has held to a familiar pattern, a senior analyst at Gartner said Monday at the research firm's annual Security and Risk Management Summit.... read more» 
   
 
 How students have become online beggars 
 (from CNet at 23-6-2010) 
 There's only one thing I know about students. There are too many of them. The dominance of online practices over the traditional analog methods has meant that, truly, we need fewer people to make the commercial world spin around. Machines can now do the work of thousands of interns. We therefore need fewer students to emerge from the college system, students who believe that they have talents given by God, when in fact they're not even all that good at beer pong.... read more» 
   
 
 32% of laptop thefts happen at home 
 (from NetworkWorld at 23-6-2010) 
 Nearly a third (32 percent) of all laptops stolen in the UK are taken from homes, says Absolute Software. Research by the laptop security software manufacturer revealed that more laptops are stolen from homes in the UK than in France (22 percent), the US (18 percent) and Germany (17 percent). As a result, Absolute Software is warning Brits to be careful when leaving their home unattended during their summer holiday.... read more» 
   
 
 Trustwave Acquires Breach Security 
 (from CIO at 23-6-2010) 
 Trustwave has acquired Breach Security for an undisclosed sum, an acquisition that the company said would bring Breach Security's Web application firewall together with Trustwave's own enterprise security tools. Trustwave will continue to sell and support Breach Security's Web application firewall, which is designed to filter out attacks that could give hackers access to personal customer data and to an enterprise's internal systems, the company said in a press release. Trustwave will also ad... read more» 
   
 
 Cisco Warns Of Rising World Cup Malware 
 (from eweekeurope at 23-6-2010) 
 As the world’s legitimate Web traffic increases, so do instances of spam e-mail, Internet-borne malware and general hacker activity. When special or unusual events happen — such as the current Gulf oil spill or the FIFA World Cup soccer tournament in South Africa — communications traffic of all kinds skyrockets. This takes into account text messaging, e-mail, Web searches, cell phone usage, television and Web streaming video, among others. Cisco ScanSafe SAAS Web security service reported Jun... read more» 
   
 
 Broker collapse hits 3000 clients 
 (from The Age - Australia at 23-6-2010) 
 One of the country's biggest intermediary brokers, Melbourne-based Sonray Capital, collapsed at 11pm yesterday, freezing 3000 client accounts. Ferrier Hodgson has been appointed as the administrators and will meet the corporate watchdog Australian Securities & Investments Commission to investigate the reason for the collapse.... read more» 
   
 
 Why Security Needs to Catch Up to Web 2.0 
 (from CIO at 23-6-2010) 
 Security managers can keep blocking Facebook, refusing to support mobile devices and vetoing cloud-based services, but they aren't going away. And ignoring ways to make room for them in your security program is like burying your head in the sand, according to Tom Gillis, vice president and general manager of Cisco's security technology business unit, and author of the new book Securing the Borderless Network: Security for the Web 2.0 World.... read more» 
   
 
 Why publishing exploit code is generally a bad idea if you're paid to protect 
 (from Cgisecurity at 23-6-2010) 
 Robert A's intention of this post isn't to insult or flame Tavis, it is to debate the act of releasing PoC exploit code when one is employed to protect people. While this issue was likely known already, had Tavis waited 90 days (let's say it would take 90 days for MS to fix this) for the fix to be released maybe 1k-10k people would have been owned by the small circle that already knew about to exploit it. Now that the public exploit code is public 100k+ people are likely going to get owned wit... read more» 
   
 
 The Secret Online Lives of Teens 
 (from McAfee at 23-6-2010) 
 Do you know what your kids are doing online—whether they are talking to strangers or putting their computers and themselves at risk? Chances are, you know something about what your kids are doing on the Internet but not everything. Today’s young people are “digital natives” who grew up with the Internet and use it more skillfully and comfortably than many adults—for communication, education, and entertainment. However, their high level of online participation also opens them up to potential d... read more» 
   
 
 Better cybersecurity depends on better information management 
 (from Gcn at 23-6-2010) 
 It might sound like heresy, but information sharing is overrated, said Tony Sager of the National Security Agency. IT security officials already are overloaded with information, Sager said. As chief of the vulnerability analysis and operations group in NSA’s Information Assurance Directorate, which runs Red Team penetration tests, Sager has generated his share of security information over the past 33 years. But that data often contributes little to improving the security of government IT syst... read more» 
   
 
 Woman charged with 'hacking' Warwick company's computer 
 (from warwickonline at 23-6-2010) 
 A Richmond woman has been charged with hacking the computer of BayWatch RI Marine Towing in Warwick. Rhode Island State Police arrested Kimberly Tefft, 42, of 512 Kingstown Road, last week, charging her with intentional accessing and damaging a computer, a felony and misdemeanor computer trespass. State police said Tefft is a former employee who was laid off from the marine towing company in November of 2009. They said she was told she was not going to be taken back in April.... read more» 
   
 
 World Cup continues to drive spam - The UK reported 88 per cent of email as spam 
 (from v3 at 23-6-2010) 
 The World Cup is continuing to play a major role in global spam loads, according to Symantec. The company said in its monthly MessageLabs Intelligence report that throughout the month the football tournament had been popular not only for pushing spam related to the event, but also for getting unrelated spam messages through filters.... read more» 
   
 
 Hackers Aren't Only Threat to Privacy 
 (from The Wall Street Journal at 23-6-2010) 
 Sophisticated hackers aren't the only ones gaining access to sensitive data on the Internet. A large amount of personal information is being left exposed or poorly protected by companies and governments. The number of identity-theft victims in the U.S. jumped 12% to 11.1 million in 2009, according to research company Javelin Strategy & Research. Fraud cases reported to the Internet Crime Complaint Center, which is partly run by the Federal Bureau of Investigation, climbed 23% to 336,655 last ... read more» 
   
 
 US hacker allegedly extorted sxx videos from teens 
 (from nzherald at 23-6-2010) 
 A hacker took over more than 100 computers and used them to extort sxxually explicit videos from women and teenage girls by threatening to release their personal data, federal prosecutors charged. Luis Mijangos, 31, of Santa Ana, was arrested at his home by FBI agents on a charge of extortion that carries a maximum federal prison sentence of two years, according to a statement from the US attorney's office.... read more» 
   
 
 Threat Analysis of the Android Market 
 (from smobilesystems at 23-6-2010) 
 Security researchers have been debating the risk that application repositories pose to consumers and enterprises for several years now. At this point, it is no longer just a theory that attackers could use these repositories as a means to distribute malicious applications that are built specifically to defraud a user of their personal information, facilitate spying, or steal money and trade secrets. All of these things are happening today.... read more» 
   
 
 'World's No. 1 hacker' tome rocks security world 
 (from The Register at 23-6-2010) 
 A recently published e-book penned by the self-proclaimed “world's No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family. How to Become the World's No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer... read more» 
   
 
 Half of IT professionals leave mobile security to chance 
 (from Help Net Security at 23-6-2010) 
 As threats to corporate data grow, and the cost of breaches increases, a survey of alleged security-conscious professionals has remarkably revealed that over half of respondents (52%), who admit to carrying company data on a USB stick, do not encrypt it. Remarkably, 11% of this savvy audience, who really should know better, ‘protect’ their devices with passwords alone – an insufficient defense that is widely understood to be easily breached.... read more» 
   
 
 Flaw in VPN systems nullifies its promise of privacy 
 (from Help Net Security at 23-6-2010) 
 Worried about your goings-on being monitored on the Internet, you have resorted to using VPN. But, is your privacy really assured? According to researchers, the answer is "no". A security flaw in the VPN systems - caused by the combination of IPv6 and PPTP-based VPN services - can be exploited and your IP address, MAC address and your computer name can be identified. The existence of the flaw was made public at the Telecomix Cyphernetics Assembly in Sweden, home country of the Pirate Bay a... read more» 
   
 
 Man accused of extortion through hacking 
 (from Sydney Morning Herald at 23-6-2010) 
 A hacker took over more than 100 computers and used them to extort sxxxally explicit videos from women and teenage girls by threatening to release their personal data, US federal prosecutors charged Tuesday. Luis Mijangos, 31, of Santa Ana, was arrested at his home by FBI agents and was scheduled to be charged with extortion that carries a maximum federal prison sentence of two years, according to a statement from the US attorney's office.... read more» 
   
 
 Dealing With Malicious Software - How tough it can be to eradicate viruses 
 (from infosecurityadviser at 23-6-2010) 
 One would think that after all these years we would be able to contain the threat posed to our systems and data by computer viruses. But the rise of botnets as tools to be used by organised online criminal gangs has seen computer viruses more tenacious and difficult to deal with than ever before. The impact in recent years of computer viruses such as Conficker and Zeus demonstrate how tough it can be to eradicate these viruses... read more» 
   
 
 Cyberwar - Why your threat model is probably wrong 
 (from thinkst at 23-6-2010) 
 My original brief was to talk on how I would go about attacking a modern connected state. I noticed that Charlie (Miller) was covering this topic, so opted to go another route. For this talk my point is simply to point out, that there are probably some big holes in your current threat model. I’m just going to raise 5 questions, and you should be checking them against your threat model to see if you currently cater for it. (Sadly, I don’t necessarily have answers to all of them.. but if y... read more» 
   
 
 Blockbuster-style report 
 (from hostexploit at 23-6-2010) 
 The United Nations Office on Drugs and Crime has circulated a report on crime globalization. The report is centered on abusers’ active penetration into the Worldwide Web for fraud and spreading child pxxnography. The report authors claim that the cyber-criminals threaten national security by penetrating the control systems of power grids, airlines and nuclear facilities. But some Russian experts question the reality of the scenario. The observer of the Moscow-based Novaya Gazeta periodical Yu... read more» 
   
 
 Hackers could become the hacked 
 (from BCS at 23-6-2010) 
 Cyber crooks are leaving the tools they use to attack websites unsecure, making them vulnerable to be attacked back according to new research. Security experts say they've found that many of the kits online criminals use are full of bugs. And that means that the bugs could be used to turn the criminals' own attacks against them. Not only that, it's thought that the bugs could even be traced back to whoever is using the tools.... read more» 
   
 
 Computer Infected? Call the hotline 
 (from ComputerWorld at 23-6-2010) 
 A 24x7 cybercrime complaints office could be added to Australia’s burgeoning online defence portfolio, following calls by a federal parliamentary committee on Monday. The office would join the twin government Computer Emergency Response Teams, the Cyber Security Operations Centre, the Attorney-General's Department, the office of the National Security Advisor, and the Department of Broadband Communications and Digital Economy to form part of what committee chairwoman Belinda Neal called “a nat... read more» 
   
 
 WikiLeaks founder told to avoid U.S. 
 (from national post at 22-6-2010) 
 After almost a month in the shadows, Julian Assange, the controversial founder of WikiLeaks, surfaced in Brussels on Monday. He was tempted out of hiding by an invitation to speak on the freedom of the press, something his electronic whistleblowers’ platform is keen to support. But the Australian-born Mr. Assange, 37, won’t be visiting the United States anytime soon, voluntarily at least. U.S. officials reportedly want to question him about how he obtained controversial film of an Apach... read more» 
   
 
 States to Investigate Google Data Collection 
 (from The New York Times at 22-6-2010) 
 Connecticut’s attorney general said Monday that he would lead a multistate investigation into whether Google broke laws when it siphoned personal data off of wireless networks around the world. The company has said the data collection was inadvertent. Attorney General Richard Blumenthal said more than 30 states had participated in a recent conference call on the issue. He said consumers had a right to know what information was collected, and whether states need to alter procedures to guard ag... read more» 
   
 
 Why security needs to catch up to Web 2.0 
 (from ComputerWorld at 22-6-2010) 
 Security managers can keep blocking Facebook, refusing to support mobile devices and vetoing cloud-based services, but they aren't going away. And ignoring ways to make room for them in your security program is like burying your head in the sand, according to Tom Gillis, vice president and general manager of Cisco's security technology business unit, and author of the new book Securing the Borderless Network: Security for the Web 2.0 World. Gillis' main message in the book is that today's new... read more» 
   
 
 Cybersecurity Czar: Remember, End Users Are No Security Experts 
 (from CRN at 22-6-2010) 
 The Obama administration's top cybersecurity official Tuesday called for cooperation among public and private sector interests to drive cybersecurity policy going forward. The agenda can't just be about the technology, he said. It has to account for the digital transactions necessary for everything from online banking to electronic health records and include the online experience for users, who don't want to be forced off comfortable work habits because of security risks. "There is always ... read more» 
   
 
 June roundup – '90 Second News' 
 (from Sophos at 22-6-2010) 
 Don't just read the latest computer security news – watch it in 90 seconds! Learn how Facebook 'clickjacking' actually works. Find out why Google is in the dogbox over vulnerability disclosure. See which companies had PR disasters sending out malware this month. And smile at the latest cybercrime busts in Spain.... read more» 
   
 
 Anti-virus software takes 'two days' to block new malware 
 (from ComputerWorldUk at 22-6-2010) 
 New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the internet. Security software from major vendors can take an average of two days to block a website designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the internet. "The magnitude of these findings should be nothing short of an ... read more» 
   
 
 Small And Midsize Businesses Getting Serious About Security, Study Says 
 (from DarkReading at 22-6-2010) 
 Once viewed as easy marks by hackers and cybercriminals, small and midsize businesses (SMBs) are fighting back, according to a study published today. According to a report (PDF) conducted by Applied Research and published by Symantec, SMBs' attitudes about security and data integrity have changed significantly over the past year, resulting in higher prioritization of security issues and more spending on technology. "Last year when we conducted this survey, a lot of SMBs were very confident... read more» 
   
 
 Schools, Filtering Companies Blocking Google SSL 
 (from Slashdot at 22-6-2010) 
 Over the past several weeks we've discussed the rolling out of Google SSL search. Now an obstacle to the rollout has arisen, much to the frustration of school students and teachers alike. Content filter vendors have decided to block all Google SSL traffic — which also blocks access to Google Apps for Education. Google is working to appease these vendors. The questions at the heart of this situation are: Does a company (school, government) have a right to restrict SSL traffic so it can snoop your... read more» 
   
 
 Security software lags explosion of new malware 
 (from InfoWorld at 22-6-2010) 
 New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet. Security software from major vendors can take an average of two days to block a Website designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet. "The magnitude of these findings should be nothing short of an ... read more» 
   
 
 U.S.-CERT Needs Enforcement Authority 
 (from govinfosecurity at 22-6-2010) 
 Notwithstanding its many accomplishments over the past several years, the U.S. Computer Emergency Readiness Team is still hindered in its ability to provide an effective analysis and warning program for the federal government in a number of ways. Specifically, U.S.-CERT does not have the appropriate enforcement authority to help mitigate security incidents; it is not sufficiently staffed to perform its mission; and it has not finalized and approved its performance measures and policies and pr... read more» 
   
 
 DON IT 2011 West Coast Conference Jan 24, 2011 - Jan 27, 2011 
 (from navy at 22-6-2010) 
 The Department of the Navy Information Technology Conference will run from Jan. 24 to Jan. 27, 2011, at the San Diego Convention Center in San Diego, Ca. The DON Chief Information Officer is hosting the DON IT Conference at the same time and location as the WEST Conference sponsored by the Armed Forces Communications and Electronics Association (AFCEA) and United States Naval Institute (USNI). The DON IT Conference will provide a venue to hear information and participate in discussions about ... read more» 
   
 
 Cyber crooks could be undone by their own tools 
 (from hostexploit at 22-6-2010) 
 Internet criminals could become the victims of the shonky software they use to attack innocent web users according to a French insecurity expert. Lauren Oudet from Tehtri Security reckons that some of the off-the-shelf Malware tools used by web hackers are so shoddily coded that they could easily be used to identify the criminals, or in some cases even set up counter attacks against them.... read more» 
   
 
 National Party members vote against internet filter 
 (from apcmag at 22-6-2010) 
 The National Party has come out swinging against Labor's proposed centralised internet censorship scheme, saying it had been inundated with complaints from constituents. The National Party of Australia has come out swinging against the Federal Government’s mandatory internet filter policy, with a motion passed at the party’s Federal conference on the weekend against the idea. The motion stated that “The Federal Conference of the Nationals opposes any mandatory ISP-level internet censorship... read more» 
   
 
 Kent Police lose confidential data 
 (from ComputerWorldUk at 22-6-2010) 
 Kent Police has been found in breach of the Data Protection Act, after confidential data was stolen from a police car sitting outside an officer's house. The nature of the information was not disclosed. But with all the data in physical document form, the news may serve as a reminder that paper is still as easily lost as memory sticks and laptops. The Information Commissioner’s Office said the files had not been stored in a secure briefcase. The police force was also blamed for not providi... read more» 
   
 
 NationalCyberSecurity.com has all “Original Content” 
 (from praetorianprefect at 22-6-2010) 
 National Cyber Security is the number one cyber security related reference and news portal. It is their vital mission to help secure not only the nation, but the world from cyber criminal threats being faced daily. Their references include a cyber security watch news, blogs written by cyber security professionals, cyber security links, and email correspondence to their professionals who help protect website visitors from any cyber threat.... read more» 
   
 
 Calls for national office to tackle cyber crime 
 (from Yahoo at 22-6-2010) 
 A federal parliamentary committee has called for new measures to deal with an explosion of fraud and scams on the internet. The committee has recommended internet providers be obliged to tell people if their computers are infected with a virus. The committee also wants an office of online security set up to combat cyber crime, and a 24-hour complaints centre to help victims of internet crimes. Committee chairwoman Belinda Neal says internet service providers (ISPs) must be made to tell people... read more» 
   
 
 Most IT professionals fail to encrypt USB, survey reveals 
 (from Computer Weekly at 22-6-2010) 
 Over half of IT professionals do not encrypt the USB sticks they use to store company data, a survey has revealed. Some 11% of over 200 IT professionals polled at Infosecurity Europe 2010 by security firm Credant Technologies said they used only a password to protect their mobile storage devices. Sixty-seven per cent admitted they carried information relating to their company's intellectual property, 40% carried customer data and 26% carried employee details.... read more» 
   
 
 Kent Police fails on data security 
 (from v3 at 22-6-2010) 
 The Information Commissioner's Office (ICO) has found Kent Police in breach of the Data Protection Act. This is the second time in as many weeks that the ICO has set its enforcers on the police. The Independent Police Complaints Commission (IPCC) was hit with an enforcement notice last week after failing to respond to 69 Freedom of Information requests on time.... read more» 
   
 
 Explosion of online malware confounds security firms 
 (from Itbusiness at 22-6-2010) 
 New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet. Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.... read more» 
   
 
 Cyber cops want stronger domain rules 
 (from The Register at 22-6-2010) 
 International police have called for stricter rules on domain name registration, to help them track down online crooks, warning the industry that if it does not self-regulate, governments could legislate. The changes, which are still under discussion, would place more onerous requirements on ICANN-accredited domain name registrars, and would likely lead to an increase in the price of domains.... read more» 
   
 
 Third of laptops stolen from home 
 (from TechWorld at 22-6-2010) 
 Nearly a third (32 percent) of all laptops stolen in the UK are taken from homes, says Absolute Software. Research by the laptop security software manufacturer revealed that more laptops are stolen from homes in the UK than in France (22 percent), the US (18 percent) and Germany (17 percent). As a result, Absolute Software is warning Brits to be careful when leaving their home unattended during their summer holiday.... read more» 
   
 
 Popularity is the biggest hack magnet 
 (from InfoWorld at 22-6-2010) 
 I frequently tell readers and audiences that the most widely used software in a particular category is successfully exploited the most. I've alluded to this theory as Roger's Hacking Popularity Corollary -- I've also seen it called the "Grimes Corollary" -- though taking singular credit for widespread commonsense may be a bit disingenuous. As the popular saying goes, bank robbers rob banks because that's where the money is. When talking about the corollary, I stress product popularity and suc... read more» 
   
 
 Inquiry calls for 'cyber czar', compulsory anti-virus 
 (from ITNews at 22-6-2010) 
 A parliamentary inquiry into cybercrime has recommended the Government appoint a Cyber Security Coordinator to lead whole-of-Government activities. In a report presented to the Federal House of Representatives yesterday, the Standing Committee on Communications highlighted a need to consolidate Australian security efforts. The Committee called for the establishment of an 'Office of Online Security', which would be located in the Department of Prime Minister and Cabinet and headed by the Cy... read more» 
   
 
 Penalty for identity theft has increased 
 (from Madison Record at 22-6-2010) 
 A new federal law enacted in February 2008 increased the penalties for perpetrators of identity theft from five to 15 years in prison, yet the increased penalties barely made a dent in identity theft crime. Identity theft has become big business for those who aim to make a buck by stealing the identities of their victims. Identity theft occurs when someone takes information such as Social Security identification, a driver's license number or a credit card, and uses it for his or her own pe... read more» 
   
 
 Anti-ID theft passport cover 'preys on fears' 
 (from Scotland On Sunday at 22-6-2010) 
 A COMPANY which sells passport covers that claim to protect travellers from identity theft has been accused by the Home Office of preying on ungrounded fears. Hampshire-based myId is charging customers up to £20 for a cover fitted with technology it says will block criminals from stealing details from the new generation of biometric passports. Around 20 million of the passports – aimed at improving security by encoding personal data on a Radio Frequency Identification (RFID) chip – have al... read more» 
   
 
 Ashcroft: Cybersecurity Takes a Village 
 (from eSecurity Planet at 22-6-2010) 
 Just as the intelligence and law-enforcement communities rely on tips from vigilant citizens, enterprises too must broaden their approach to information security, former Attorney General John Ashcroft said in a speech Monday morning. Enterprises that relegate their security operations to a siloed department cordoned off from the rest of the organization do so at their own peril, Ashcroft warned an audience of IT security professionals here at the Gartner Security and Risk Management Summit.... read more» 
   
 
 America's Most Wanted - Malicious Website Edition 
 (from EWeek at 22-6-2010) 
 Researchers at AVAST Software have listed the most infected Websites on the Internet. The security company's first "America's Most Wanted" roster features a number of sites with a common theme - pop culture. In particular, sites about games, celebrities, anime, and television- and movie-related domains were among May's worst offenders.... read more» 
   
 
 Google: We Were Not Hacked 
 (from cbsnews at 22-6-2010) 
 Turns out that Google Trends was not hacked last week. But it apparently did get fooled for a spell. On June 17, the phrase "lol n------" appeared early in the morning while other terms were oddly broad and not the sort that one usually finds on the Google Trends list of hot topic issues. In an official response issued late Monday, Google said that "a questionable term" on its Hot Trends list appeared on the list "for a few hours following a surge of search activity for the query."... read more» 
   
 
 UPDATE: Beesies continue..The World Championships for Dummies 
 (from Norman at 22-6-2010) 
 At this moment, the “Beesies” are not just an advertisement on nl.msn.com any more, it is even a featured article to download the “Beesie-moticons” now. Now in this case, the emoticons are harmless, but… The next time it may not be… And then we will all download them again, even if all the signs are there we shouldn’t, right? Because last time it was innocent… So this time, it will be too, won’t it? And I did not even go into details about the risk of the “1clicksend2friend.com” part. One th... read more» 
   
 
 Information protection priorities and recommendations 
 (from Net-Security at 22-6-2010) 
 SMBs are now making protecting their information their highest IT priority, as opposed to 15 months ago when a high percentage had failed to enact even the most basic safeguards, according to a survey by Symantec. This shift makes sense as SMBs are facing increased threats from cyber attacks, lost devices and loss of confidential or proprietary data. The survey is based on responses from 2,152 SMB executives and IT decision makers in 28 countries in May 2010.... read more» 
   
 
 Senior leaders becoming disconnected from security 
 (from scmagazineus at 22-6-2010) 
 The boards and senior executives at many organizations are not adequately involved in enterprise privacy and security decisions, according to a report released by researchers at Carnegie Mellon University's CyLab. In the survey of 66 board members and senior executives at Fortune 100 companies, released last week, none of the respondents said that improving computer and data security is a top board priority, even though 56 percent said improving risk management is, according to the report.... read more» 
   
 
 Data Breaches Will Increase This Year, Security And Compliance Officers Say 
 (from DarkReading at 22-6-2010) 
 If you want an optimistic view of the current state of cybersecurity, then don't ask security and compliance professionals. Ninety-five percent of security and compliance pros believe that data breaches will increase in 2010, according to a survey (PDF) published today by security vendor nCircle.... read more» 
   
 
 FSB, Police Seize 200 Thousand Copies of Anti-Putin Report 
 (from The Other Russia at 22-6-2010) 
 On Monday, the opposition movement Solidarity presented its finalized report on how Russia has fared over the ten years of Vladimir Putin’s tenure in power. The pamphlet, entitled “Putin. Results. 10 Years,” includes forty-eight pages of analysis of the actions and policies of the former president and current prime minister, with topics ranging from corruption and crumbling infrastructure to population decline and the collapse of the pension system. The war on terrorism and the volatile situatio... read more» 
   
 
 Computers could cause deaths, warn doctors 
 (from The Age - Australia at 22-6-2010) 
 THE Alfred hospital's computer system is so bad that its own doctors are warning it will inevitably lead to ''catastrophic, and perhaps fatal'' consequences for patients. In a litany of complaints detailed by the hospital's senior medical staff association, doctors claimed they were unable to look at more than one patient record at a time, with some staff urging a return to paper records. The Australian Medical Association said the information technology problem was widespread, with some h... read more» 
   
 
 Corporate Crime and Fraud Seminar September 2010 
 (from Business Automation Consultants at 22-6-2010) 
 Dr. Al Marcella and Dr. Christie Husted combine Dr. Marcella’s experience and reputation as CEO of an international global information technology and management consulting firm and Dr. Husted’s expertise and leading research in Organizational Psychology and Corporate Criminology to provide: insight into the organizational dynamics, personality characteristics and environmental factors giving rise to corporate crime, along with information technology (IT) tools, management consulting, IT audit, s... read more» 
   
 
 Government devotes more brainpower and money to cybersecurity 
 (from Washington Post at 22-6-2010) 
 Cybersecurity, fast becoming Washington's growth industry of choice, appears to be in line for a multibillion-dollar injection of federal research dollars, according to a senior intelligence official. Delivering the keynote address at a recent cybersecurity summit sponsored by Defense Daily, Dawn Meyerriecks, deputy director of national intelligence for acquisition and technology, said that along with the White House Office of Science and Technology, her office is going to sponsor major resea... read more» 
   
 
 Protest: 19,000 Australians petition against Internet filter 
 (from ITNews at 22-6-2010) 
 More than 19,000 Australians have opposed mandatory internet filtering in a petition tabled in the Senate this week. Launched in mid-January by Electronic Frontiers Australia (EFA), the petition asserts that individuals - not the Government - should be allowed to determine how and what online content is blocked. Printed and online signatures were collected nationwide, from Perth CBD to Sydney's Northern Beaches and Darwin suburb, Nakara.... read more» 
   
 
 World Cup Security Uses Physics To Thwart Hackers 
 (from FOXNews at 22-6-2010) 
 South African physicists working to protect data networks at the World Cup hope to provide something that no goalkeeper can promise: perfect defense. They're tapping the laws of physics to prevent hackers from monitoring videos, emails and phone calls relayed between Durban's Moses Mabhida Stadium and a nearby operations center for police, firefighters, and military personnel.... read more» 
   
 
 Children and the Internet 
 (from Securelist at 22-6-2010) 
 Currently, more and more children are mastering the art of searching the Internet, a world designed mostly by adults for adults. Very often adults argue about whether to allow children to use the World Wide Web or not. The majority of researchers, specialists and ordinary users undoubtedly say YES. They are sure the Internet helps children to study, to develop and to learn the art of virtual communication which has become such an inseparable part of our lives. This has resulted in the creatio... read more» 
   
 
 Data Leakage Prevention? Really?? (Part 1) 
 (from Wordpress at 22-6-2010) 
 I think the name of the technology itself, Data Leakage Prevention (DLP), is misleading. Whatever scope of being misled is left, is usually done away by our brave technology sales people (no offence intended, it's their job!). I remember clearly when I first encountered DLP as a technology. It was more than 5 years ago. No one in APAC (or at least in India) knew what DLP was. While working as a freelancer, the VP of a big manufacturing company was discussing with me the issues he was having with the... read more» 
   
 
 Full Disclosure for Attacker Tools 
 (from TaoSecurity at 22-6-2010) 
 The idea of finding vulnerabilities in tools used by attackers is not new. It's part of the larger question of aggressive network self defense that I first discussed here in 2005 when reviewing a book of that title. (The topic stretches back to 2002 and before, before this blog was born.) If you follow my blog's offense label you'll see other posts, such as More Aggressive Network Self Defense that links to an article describing Joel Eriksson's vulnerability research into Bifrost and other remot... read more» 
   
 
 Feds Say Man E-mailed Biden ‘I’m Going to Kill You!’ 
 (from Wired at 22-6-2010) 
 With neighbors like this, who needs enemies? A Minnesota man accused of hacking into his neighbor’s computer and sending a threatening e-mail to Vice President Joe Biden has turned down a two-year plea deal and is negotiating for less, the defendant’s attorney said Monday. Barry Ardolf, a Minnesota computer technician, is accused of unlawfully accessing his neighbor’s computer last year and sending an e-mail under the neighbor’s identity to the vice president, saying “I swear to God I’m go... read more» 
   
 
 Apple accused of hushing up security update 
 (from The Register at 22-6-2010) 
 Apple has been accused of secretly adding a security update to its operating system without telling users, or anyone else. The update released last week included protection against a Trojan that could allow a hacker to take control of your machine. The HellRTS Trojan has been added to the Mac's list of signatures used to detect dodgy software, according to Sophos' ubiquitous Graham Cluley. ... read more» 
   
 
 Security firms taking days to block malware 
 (from The Register at 22-6-2010) 
 Anti-malware vendors can take up to 92.48 hours to block malicious sites, potentially leaving clients in blissful ignorance of threats to their systems in the meantime. Security researchers NSS Labs reviewed a range of endpoint security products from ten big-name security vendors and their response to "socially engineered or consensual malware threats". It said 15,000 to 50,000 such threats were presenting themselves per day.... read more» 
   
 
 Lenovo Support Website Infects Visitors with Trojan 
 (from Softpedia at 22-6-2010) 
 The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers. According to a report from Vietnamese antivirus vendor Bkis, the pages have been infected since at least Sunday afternoon. However, some users have been reporting getting antivirus ... read more» 
   
 
 No anti-virus software? No internet connection 
 (from News at 22-6-2010) 
 AUSTRALIANS would be forced to install anti-virus and firewall software on their computers before being allowed to connect to the internet under a new plan to fight cyber crime. And if their computer did get infected, internet service providers like Telstra and Optus could cut off their connection until the problem was resolved.... read more» 
   
 
 ICANN chief calls for co-operation on internet security 
 (from hacking expose at 22-6-2010) 
 Rod Beckstrom opens 38th international meeting. The chief executive of the Internet Corporation for Assigned Names and Numbers (Icann) has asked for greater co-operation between international internet bodies in order to ensure the safety and stability of the Domain Name System (DNS). Beckstrom added that several sessions at the Brussels meeting will focus on DNSSec, the security protocol developed to help defend the internet against attacks by "miscreants with malicious intent".... read more» 
   
 
 NSA Gets Geeky After Dark, New Docs Show 
 (from Wired at 22-6-2010) 
 It’s an agency staffed by some of the government’s top hackers, brainiest cryptographers, and most sophisticated network defenders. But when employees at the NSA aren’t playing Big Brother, pwning foreign networks or coming to the aid of hacked companies, it turns out they’re (surprise!) up to some exceptionally geeky business in their spare time. Government Attic has a collection of documents, finally obtained two years after the organization filed a Freedom of Information Request, that deta... read more» 
   
 
 Evolving Strategies for the Enforcement of Cyberlaws 
 (from karnikaseth at 22-6-2010) 
 The Information Technology age has led to the emergence of a dynamic and highly specialized field of law, namely ‘Cyber laws’. The unique features of the internet, particularly, its borderless expanse, rapid technological advancements, anonymity, speed of communication & data transfer have posed multiple challenges to legislators of different countries who strive to adapt their existing laws for application in cyberspace or develop new laws to govern the virtual world. One of the most perple... read more» 
   
 
 FBI Found 14 Intel Leak Suspects in Past 5 Years 
 (from FAS at 22-6-2010) 
 The Federal Bureau of Investigation identified 14 suspected “leakers” of classified U.S. intelligence information during the past five years, according to newly disclosed statistics. Between 2005 and 2009, U.S. intelligence agencies submitted 183 “referrals” to the Department of Justice reporting unauthorized disclosures of classified intelligence. Based on those referrals or on its own initiative, the FBI opened 26 leak investigations, and the investigations led to the identification of 14 ... read more» 
   
 
 Mobile malware is a reality says Kaspersky 
 (from infosecurity-us at 21-6-2010) 
 Mobile malware has been bubbling along in the background of the security world for the last few years but, according to Denis Maslennikov, Kaspersky Lab's mobile research group manager, the rise in smartphone sales is triggering a surge in mobile malware amongst cybercriminals. Speaking at Kaspersky Lab's recent analyst summit, Maslennikov said that the first piece of mobile malware using the internet dates back to 2004, when a Ukrainian hacker developed the code.... read more» 
   
 
 Top ten website application vulnerabilities 
 (from prlog at 21-6-2010) 
 Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention. Sometimes, these paths are trivial to find and exploit and sometimes they are extremely difficult. Similarly, the harm that is caused may range from nothing, all the way through putting you out of business. To determine the risk to your organization, you can evaluate the like... read more» 
   
 
 General Assembly: transnational organized crime 
 (from un at 21-6-2010) 
 MOHAMED FATH EDREES (Egypt) said it was impossible to deal with certain crimes in isolation, pointing to links between human trafficking and smuggling of migrants, and between those crimes and drug trafficking, money laundering and terrorism financing. Efforts in Africa to combat organized crime depended on support from the United Nations in the context of reconstruction and peacebuilding. Failure in those areas fuelled conflict and provided financing to global terrorist networks, and hind... read more» 
   
 
 A Modest Proposal for ICANN 
 (from circleID at 21-6-2010) 
 When it comes to accountability, ICANN would rather be compared to other U.S. nonprofit companies than to the regulatory bodies it more closely resembles. If they truly wish to be treated like a nonprofit, rather than a regulator, there is a very simple solution: make all contributions strictly voluntary. The ever-disappointed Accountability and Transparency Review Team for ICANN met with the ICANN board yesterday, and were told their expectations for real accountability mechanisms were simpl... read more» 
   
 
 VPN Security Flaw Makes IP Address of Users Using IPv6 Easily Traceable 
 (from circleID at 21-6-2010) 
 Duncan Geere reporting in Wired: "Since the slow introduction of internet monitoring systems around the world began, more and more people have attempted to preserve their privacy by signing up for VPN services like the Pirate Bay's Ipredator and Pirate Party offering Relakks. But it turns out that there's a gaping security flaw in these services that allows individual users to be identified..."... read more» 
   
 
 Why Estonia Is the Poster Child for Cyber-Security 
 (from Discovery at 21-6-2010) 
 I'm just back from a conference on cyber security held in Estonia, or, as the editors always force me to write: "the tiny Baltic nation of Estonia." Other popular tropes: "in Estonia, more than 90 percent of all banking is done online, digital signatures are used widely by government officials and you can pay for parking with your cell phone. Geeks have dubbed the place E-stonia. Oh, and four Estonians built Skype." Right, we get it. Twenty years ago, the country shook free of the Soviets and... read more» 
   
 
 DoS attacks hits Turkish authorities in censorship row 
 (from afterdawn at 21-6-2010) 
 Many Turkish Internet users are very unhappy with the growing level of censorship online, particularly when it comes to the blocking of Google services. Earlier this month, services such as Google Translate, Google Docs and Google Books became inaccessible in Turkey following a request that Turkish ISPs block access to IP addresses associated with YouTube. On Thursday, an Ankara Public Prosecutor asked Ankara's 1st Criminal Court of Peace to add 44 more IP addresses related to YouTube and Goo... read more» 
   
 
 Southwick police warns seniors about phone scams 
 (from 419legal at 21-6-2010) 
 Every day millions of people get scammed, as a result of any fraud or scam surfacing. For first timers it is very difficult to cope, as the victim is already on the back foot, which means what could be done in the given situation. But worst could be that the person targeted is a senior citizen or elder. Each year more and more seniors are falling to frauds; moreover, most of them are stuck in telephone scams. The modus operandi is the same, as fraud artists are very sharp in their tactics to fool the elders... read more» 
   
 
 SSH Brute Force Attacks Resurface 
 (from threat post at 21-6-2010) 
 Security experts are warning about a fresh round of attacks against SSH implementations. The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks. The attacks, which the handlers at the SANS Internet Storm Center have been following, are simple and have a simple goal: gain access to the remote SSH server. The attacks often come from a slew of different IP addresses and may come one right after anothe... read more» 
   
 
 French regulators: Google snagged passwords, e-mail 
 (from CNet at 21-6-2010) 
 Google collected passwords and e-mail when the company intercepted and stored data detected on open Wi-Fi hot spots in France, according to the French National Commission on Computing and Liberty. The commission launched an investigation in early June after Google admitted that it had stored fragments of personal information from open Wi-Fi hot spots as its fleet of vehicles drove around neighborhoods around the world collecting data for its Street View mapping service. Google collected data... read more» 
   
 
 Good Technology boosts iPhone security controls 
 (from CNet at 21-6-2010) 
 When an employee at AIM Media lost his iPhone containing company e-mails and other sensitive data last year, there was nothing to be done except hope that whoever found it didn't care to snoop. Now, if that happens again AIM Media IT Director Nelson Saenz can just remotely wipe the data. "Apple made it possible for the iPhone to work with Microsoft Exchange," he said. "But from an IT standpoint what was missing was centralized administration and security."... read more» 
   
 
 New Bill On Internet Security Proposed 
 (from Unite The Cows at 21-6-2010) 
 There is always a new emergency going on in Government that demands constant attention and immediate action. However, in some cases the only emergency part about the situation is the actions that the Senates take for security purposes. The newest bill in Washington was proposed last Thursday, which stated that the President would have greater powers and control over the Internet for emergency situations. This includes being able, if necessary, to completely shut down sections of the Internet... read more» 
   
 
 From the Humor Dept - YouTube FAR - Watchguard 
 (from WatchGuard at 21-6-2010) 
 Nice awareness generator http://www.youtube.com/watch?v=odRZPyMLZ7Q... read more» 
   
 
 Facebook stands up to privacy coalition 
 (from Computer Weekly at 21-6-2010) 
 Facebook has insisted it is doing enough to protect users' privacy in response to an open letter from a coalition of privacy groups calling for more action. The coalition includes the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives, and the Privacy Rights Clearinghouse. The social networking site reminded the coalition tha... read more» 
   
 
 IRCTC System Hacked? IRCTC System Mostly Down Between 8.00 am to 8.30 am Daily 
 (from Free Hacking at 21-6-2010) 
 Recently, seven persons were arrested in Andhra Pradesh for hacking into the passport application software of the Hyderabad Regional Passport Office. The arrested included passport agents who were fraudulently booking slots for registration of passport applications. Now, it appears that an investigation is due on the IRCTC system which handles the railway reservations. Statistically, it may be tested and observed that the IRCTC system is either completely down or partially unavailable to... read more» 
   
 
 City leads way in crime-fighting technology 
 (from MSNBC at 21-6-2010) 
 This city of 65,000 has fought one of the nation's highest crime rates in recent years with an arsenal of high-tech gadgets, from gunshot detection systems to software that can sift and analyze crime data almost instantaneously. The results have been startling: Violent crime in East Orange has fallen by more than two-thirds since 2003, according to state police statistics. Yet even with its crime rate plummeting, the city is going a step further by becoming the first in the country to comb... read more» 
   
 
 Ex-Hacker Adrian Lamo Tells Us the AT&T iPad Email Leak is Overblown 
 (from DailyTech at 21-6-2010) 
 "My dad has an iPad, and I haven't even brought this up to him." -- Adrian Lamo Ex-hacker and alleged "war crimes collaborator" Adrian Lamo has garnered a great deal of attention lately from his role in outing Wikileaks leaker Bradley Manning, a young U.S. Military official who was leaking sensitive documents, including some which Lamo believed endangered national security.... read more» 
   
 
 Testing reveals security software often misses new malware 
 (from NetworkWorld at 21-6-2010) 
 New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet. Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.... read more» 
   
 
 Cyber Crime Centre catches hacker 
 (from ComputerWorld at 21-6-2010) 
 A former information technology employee of a Lower Hutt sauce and condiment manufacturer has been fined more than $8000 after hacking into the firm's network and accessing private emails. The case is the National Cyber Crime Centre's first prosecution and conviction. Geraint Jones, an IT systems engineer, was employed to build an IT network for Groenz, formerly French Maid Foods, in 2004, and worked there until September 2008, according to court documents.... read more» 
   
 
 3.7 Billion Phishing E-Mails Sent in the Past Year 
 (from PCWorld at 21-6-2010) 
 Cybercriminals sent 3.7 billion phishing e-mails over the last year, in a bid to steal money from unsuspecting web users, says CPP. Research by the life assistance company revealed that 55 percent of phishing scams are fake bank e-mails, which try and dupe web users into giving hackers their credit card number and online banking passwords.... read more» 
   
 
 Duma Passes Bill for FSB ‘Special Preventative Measures’ 
 (from The Other Russia at 21-6-2010) 
 The Russian State Duma passed a bill today that will greatly expand the powers of the Federal Security Service (FSB) and which civil liberties advocates have decried as a grave threat to freedom of speech. The vote was split down party lines, with the Kremlin-backed United Russia party voting as a bloc in favor of the bill. All deputies from the three other parties voted against it. The bill was introduced by the Russian federal government on April 24. It will allow the FSB to issue preemp... read more» 
   
 
 Did LIGATT Security’s CEO Threaten the Life of a Security Professional? 
 (from praetorian prefect at 21-6-2010) 
 European security analyst Chris John Riley is a well known and legitimate security professional who co-hosts the Eurotrash Security Podcast and writes on the Catch22 Insecurity blog. Gregory Evans is a convicted felon (federal conspiracy and wire fraud against AT&T and MCI for stealing 125 toll free telephone lines) who paid $9 million in restitution, was sentenced to 24 months in federal prison, and runs a dubious company that makes great commercials but also claims a client list they don’t act... read more» 
   
 
 Cyber-war a growing threat warn experts 
 (from BBC at 21-6-2010) 
 In 2007, Estonia was the subject of a series of cyber attacks which crippled the internet across the country. Banks, government departments and the national media all found their websites swamped by a tidal wave of spam which took them down. The perpetrators were never caught. Some evidence pointed to Russian government involvement in the attacks, but no definitive link to the Kremlin was found. So was it the first ever act of cyber-war?... read more» 
   
 
 TechMan: Those 'dirty' websites can be dirty for security reasons, too 
 (from Post-Gazette at 21-6-2010) 
 TechMan has always said that there is danger in visiting Web pxxn sites, not only of disapproval from your significant other or your boss, but to your computer. Visiting pxxn sites has been on every list of things that will make you more likely to get a computer virus, worm, Trojan or other type of malware. Well now it has been proven. To find out the truth of the widely held view that pxxn sites are dangerous to visit, International Secure System Lab studied thousands of pxxn sites (it... read more» 
   
 
 Cyber Crime Centre catches Lower Hutt hacker 
 (from Stuff at 21-6-2010) 
 A former information technology employee of a Lower Hutt sauce and condiment manufacturer has been fined more than $8000 after hacking into the firm's network and accessing private emails. The case is the National Cyber Crime Centre's first prosecution and conviction. Geraint Jones, an IT systems engineer, was employed to build an IT network for Groenz, formerly French Maid Foods, in 2004, and worked there until September 2008, according to court documents.... read more» 
   
 
 First Poster for 'The Social Network' 
 (from Mashable at 20-6-2010) 
 Columbia Pictures has just released its first poster for this fall’s The Social Network, otherwise known as the Facebook movie. The poster features image of Facebook founder Mark Zuckerberg, as portrayed by Jesse Eisenberg. Atop his face is the tagline, “You don’t get to 500 million friends without making a few enemies.” The Social Network, which will be in theaters this October, chronicles the early history of Facebook, from its humble beginnings in a Harvard dorm room through its early rise... read more» 
   
 
 Distributed SSH Brute Force Attempts on the rise again 
 (from SANS at 20-6-2010) 
 SSH brute force attempts seem to be on the rise again; at the SANS Internet Storm Center we have received a number of reports that a number of networks are seeing them. The source IP addresses vary with each new attempted username in the wordlist, which would indicate that the attempts are distributed through botnet(s). It only takes a single user with a weak password for a breach to occur; then, with that foothold, escalation and further attacks are likely next. This is certainly not a new phenom... read more» 
   
 
 World Cup vuvuzelas buzz of internet, too 
 (from CNN at 20-6-2010) 
 The droning honk of the vuvuzela has become the real star of the World Cup -- the kind of star some soccer fans love and others hate. Now, the wired world has joined the chorus. On Friday morning, there were roughly 30 vuvuzela-themed smartphone apps for the open-source Android platform. Another dozen or so were in Apple's App Store, which sells apps for the iPhone and iPad. Most of these apps turn phones into digital vuvuzelas. At the push of a button, they emit a constant squawk, jus... read more» 
   
 
 Lane Fox to get expanded role as UK 'digital champion' 
 (from BBC at 20-6-2010) 
 Martha Lane Fox is to retain her role as the UK's "digital champion" but with an increased focus on finding savings by delivering services online. The internet entrepreneur advised Labour on digital inclusion and will act in a similar role for the coalition government, No 10 has confirmed. It said she would focus on helping to reduce government costs by making services more accessible and usable....read more» 
   
 
 Nominet warns on DNS hacking 
 (from v3 at 20-6-2010) 
 Simon McCalla outlines how hackers are trying to bring down the domain name system Simon McCalla, IT director at Nominet, sat down with V3.co.uk at a recent Neustar security forum to outline how the UK domain registry is protecting its 8.5 million domain names, and how hackers are trying to bring down the DNS.... read more» 
   
 
 Hackers and Apple make for a dangerous pair 
 (from Yahoo at 20-6-2010) 
 Raise your hand if you’ve ever heard the argument “If you want a virus-free computer, get a Mac.” Raise your other hand if, in response to a story I’ve blogged about regarding Windows security breaches, you’ve left a comment like that on Yahoo! Now put your hands down, because, as CNN puts it bluntly, “Those days are over.” It used to be that the Mac had a small share of the market, and its architecture was fundamentally different from its PC competition. No one wrote malware for the Ma... read more» 
   
 
 AfriNIC pilots public key infrastructure resource project 
 (from standrdkenation at 20-6-2010) 
 The Africa Network Information Center, the regional Internet registry also known as AfriNIC, is moving ahead on a pilot project designed to give ISPs security measures along with IP address allocations. The pilot aims to provide increased value to ISPs by issuing certificates based on public key cryptography. Public keys are widely distributed but private keys are secret -- messages are encrypted with the public key and can only be decrypted with the private key to ensure confidentiality. Afr... read more» 
   
 
 Who's on...uh, at...FIRST? 
 (from Windowsir at 20-6-2010) 
 I attended the FIRST conference in Miami last week. My employer is not a member of FIRST, but we were a sponsor, and we hosted the "Geek Bar"...a nice room with two Wiis set up, a smoothie bar (also with coffee and tea), and places to sit and relax. One of my roles at the conference was to be at the Geek Bar to answer questions and help sign folks up for the NAP tour on Thursday, as well as mingle with folks at the conference. As such, I did not get to attend all of the presentations...some ... read more» 
   
 
 Team USA Hacked at World Cup 
 (from Imperva at 20-6-2010) 
 Hackers unveiled a new technique at today's World Cup: FOUL Injection. Here's how this dangerous new hack works: as a wealthy nation comes back from the brink of defeat, a jealous referee inserts a false FOUL request after the successful execution of a stored goal procedure. Security experts expect this new technique to proliferate as the tournament continues.... read more» 
   
 
 Huge Security Flaw Makes VPNs Useless for BitTorrent 
 (from TorrentFreak at 20-6-2010) 
 Millions of BitTorrent users who have chosen to hide their identities through a VPN service may not be as anonymous as they would like to be. Due to a huge security flaw, those who use IPv6 in combination with a PPTP-based VPN such as Ipredator are broadcasting information linking to their real IP-address on BitTorrent. As pressure from anti-piracy outfits on governments to implement stricter copyright laws increases, millions of file-sharers have decided to protect their privacy by going ano... read more» 
   
 
 Mobile Phone: Emerging new turf for hackers 
 (from deccanherald at 20-6-2010) 
 Imagine someone recording your conversation while you discuss confidential company information or money being withdrawn from your account through mobile phones without your consent. That's the new world of mobile phone hacking. After computers, mobile phones are now being targeted by spammers and hackers to gain confidential information and make money by duping the public. According to data security solutions provider Symantec, many people use their mobile devices to store information such... read more» 
   
 
 FIRST.Org, Inc., Board of Directors 
 (from FIRST at 20-6-2010) 
 FIRST would like to welcome the new members of the FIRST Steering Committee and FIRST.org Inc Board of Directors: Robert Schischka of CERT.at (Austria) and Reneaué Railton of Cisco (USA). We would also like to welcome back our re-elected members: Chris Gibson of Citi CIRT (USA/UK), Pete Allor of IBM (USA) and Steve Adegbite of Microsoft (USA) who was re-elected as the SC Chair. Continuing for another year will be Kurt Sauer of Spinlock Technologies (Japan), Tom Mullen of BT (UK), Yurie Ito of I... read more» 
   
 
 Webcast: Cryptography: Issues and Insight from Practical Implementations 
 (from eventbuilder at 20-6-2010) 
 Date/Time: Wed Jun 23, 2010, 1:00 PM, USA Eastern (Wed Jun 23, 2010, 10:00 AM, USA Pacific) Duration: 1 Hour Description: With so many tools and technologies supporting encryption, implementing encryption has never been easier and more potentially devastating. This session will discuss concepts such as where to encrypt, how to generate solid keys, maintaining the secrecy of keys, and address other concerns. It will provide real world examples of best practices, discuss lessons learne... read more» 
   
 
 AusCERT Replaced by CERT Australia for Government Services 
 (from Beskerming at 20-6-2010) 
 Confusing names aside, the announcement earlier this month that the Australian Government would no longer be contracting services from AusCERT, the University of Queensland-based organisation, instead CERT Australia would be established by the government to provide those services, derived from its predecessor, GovCERT. It appears somewhat strange that the Government has decided to establish what seems to be a parallel service provider, which is meant to be "the sole supplier of national CERT ... read more» 
   
 
 Mobile phones are emerging new turf for hackers: Symantec 
 (from The Economic Times at 20-6-2010) 
 Imagine someone recording your conversation while you discuss confidential company information or money being withdrawn from your account through mobile phones without your consent. That's the new world of mobile phone hacking. After computers, mobile phones are now being targeted by spammers and hackers to gain confidential information and make money by duping the public.... read more» 
   
 
 Scammers creaming $447m off Kiwis yearly 
 (from New Zealand Herald at 20-6-2010) 
 Thousands of Kiwis are being conned by scams each year - and there's a reasonable chance you'll become one. Figures from the Ministry of Consumer Affairs' Scamwatch section estimate 15 per cent of the population has been the victim of a scam over the internet or by other means, costing them money and causing emotional stress and embarrassment. Scammers often play on emotional heartstrings, such as in the case of an Auckland woman who was fleeced of $33,000 by an African she met in Auckland... read more» 
   
 
 Blackhat SEO uses online games to distribute malware 
 (from ESET at 20-6-2010) 
 We have frequently talked about and shown examples of threats that take advantage of Black-Hat SEO (Search Engine Optimization). This technique (BHSEO) is used by malware authors to position the malicious links in the top results when a potential victim uses certain topical search terms. ESET's Technical Department at Ontinet.com have mostly seen this technique used to infect users of online games, and more recently, targeting to a much greater extent the many millions of users of social netw... read more» 
   
 
 How Many Spam Can a Spam Bot Spam 
 (from TrendMicro at 20-6-2010) 
 Mega-D is one of the most prolific spam botnets accounting for around 7 percent of the spam traffic worldwide. It once accounted for as much as 50 percent of the world’s spam volume but has quieted down since the high-profile takedown of the McColo hosting service, and the 2009 takedown of its command-and-control (C&C) servers. Mega-D is still alive though not as prolific as it once was. We let loose a Mega-D spam bot sample in our malware lab to see how many spammed messages one spam bot can... read more» 
   
 
 Fraudsters shoot Fifa emails to 'chosen ones' 
 (from THE TIMES OF INDIA at 20-6-2010) 
 The FIFA World Cup has caught the fancy of fraudsters too. In an e-mail doing the rounds, Rs 2.25 crore is being offered to “chosen ones’’ for winning a lottery, organised to coincide with the World Cup. Former IPS officer Sanjay Pandey, who runs i-sec, an e-security firm, said, “It’s an individual kind of crime where the fraudster and the victim are directly connected. The people do not know much about such cheats and proper awareness needs to be created about it. The state should take lead ... read more» 
   
 
 Hackers are bent on security fraud 
 (from hostexploit at 20-6-2010) 
 When Ruth Priestley picked up her phone and heard someone with a foreign accent claiming they were from Microsoft she knew something was amiss. And when Ms Priestley was transferred through to another foreigner who wanted to “link-up” with her computer she realized she was talking to hackers seeking her personal details. However, the Sarina Beach resident is concerned that some people, particularly those who aren’t computer savvy, could become victims of identity fraud.... read more» 
   
 
 Staten Island-based identity theft ring stole $5M, authorities say 
 (from hostexploit at 20-6-2010) 
 They dubbed their identity-theft ring “BRO,” but officials said there was nothing familial about how a Staten Island-based gang allegedly stole up to $5 million from borough residents and others, including soldiers based at Fort Hood, Texas, who were deployed in Afghanistan and Iraq while they were being ripped off. “It takes a certain type of detached cruelty to victimize people in this way,” Police Commissioner Raymond Kelly said at One Police Plaza today, where he was joined by District At... read more» 
   
 
 Senate Proposes 'Internet Kill Switch' For Cyber Emergencies 
 (from gossiponthis at 19-6-2010) 
 Senator Joseph Lieberman has proposed a new bill that would give President Obama the ability to shut down the internet if there is a cybersecurity emergency. The bill, known as the Protecting Cyberspace as a National Asset Act (PSCNAA) would require “companies such as broadband providers, search engines, or software firms that the government selects [to] immediately comply with any emergency measure or action developed by the Department of Homeland Security”. If not, they would be fined. Thi... read more» 
   
 
 HTC Cracks Down on ROM Hackers With Cease and Desist Letter 
 (from Gizmodo at 19-6-2010) 
 We've covered a fair few of the ROM hacks here on Gizmodo, which many parts of an extremely active network of hackers/Android-lovers have created. Now though, HTC is cracking down on them, sending Conflipper's community a cease-and-desist. Conflipper has been behind a few of the most high-profile hacks, but is also particularly skilled at digging out mentions of upcoming Android phones in the developers' code. He gives the army of Android lovers the tools to customize their phones, but also s... read more» 
   
 
 Anti WAF Software Security Only Zealotry - Shortcomings of Web Application Firewalls (WAFs) 
 (from jeremiahgrossman at 19-6-2010) 
 Recently on Twitter I asked why some people feel oddly compelled to rely upon the shortcomings of Web Application Firewalls (WAFs) as a means to advocate for a Secure Development Lifecycle (SDL). To me this is odd because the long-term, risk-reducing value provided by secure code is enough on its own to warrant the investment. If you can’t demonstrate that, blame directed at WAFs seems misplaced. Most importantly, we must remember our objective: protecting websites from being hacked.... read more» 
   
 
 Personal details stolen from Kent Police automobile 
 (from The Breach Blog at 19-6-2010) 
 The Information Commissioner's Office (ICO) has found Kent Police in breach of the Data Protection Act. Documents containing confidential personal information were stolen from a police officer's car while it was parked overnight at a residential address. The information was passed to a local police station after being found the following day in a nearby street by a member of the public. An ICO investigation found that the officer had not used his secure briefcase to transport the paper... read more» 
   
 
 Police blunder leads to ticking off from Information Commissioner's Office 
 (from kentonline at 19-6-2010) 
 Kent Police have been rapped over the knuckles after confidential documents were swiped from an officer's car. The secret files were stolen from the boot of a policeman's car, parked overnight at a home. But the officer didn't use a secure briefcase to transport the paperwork, and a secure storage area hadn't been provided at his home. The theft was only brought to light when the dossier was handed in to a police station by a member of the public the next day. Now Kent Police are tak... read more» 
   
 
 Is PCI driving the development of information security within healthcare? 
 (from netspi at 19-6-2010) 
 I like to watch industries evolve in how they deal with information security. It was interesting to watch retail evolve as PCI got more organized. The PCI Council put together the DSS with dates and penalties for breaches and non-compliance, and that drove significant change. It appears that a similar major change within healthcare is starting to take place. We have begun to see a proactive shift that incorporates compliance with HIPAA, an understanding of risk, and the development of security ... read more» 
   
 
 Securing Europe's Information Society 
 (from Enisa at 19-6-2010) 
 Focus: ENISA assists Member States and the Commission in global issues that affect the European Community as a whole. This is an advisory role and the focus is on prevention and preparedness. ENISA does not have any operational responsibilities either within the EU institutional framework or with respect to Member States. ENISA has no special role in the security process protecting EU institutions. NIS Challenges: Complexity of global networks is increasing. Number of security bre... read more» 
   
 
 Nigerian scams prevalent, warns gov't 
 (from The China Post at 19-6-2010) 
 As many as 12 Taiwanese have fallen victim to Nigerian fraudsters in the past year, including one woman who ended up being raped in Malaysia two months ago by her scammers, the Ministry of Foreign Affairs said yesterday, warning the public to be on their guard. Dubbed “419” (the listing number of this type of crime in the Nigerian criminal code), the scams have been around for decades. The usual format is where the fraudster sends out massive numbers of “phishing” emails in the hope that som... read more» 
   
 
 Mass. AG seeks privacy information from Google 
 (from Yahoo at 19-6-2010) 
 Massachusetts Attorney General Martha Coakley is seeking information from Google Inc. about the search engine's "Street View" project to ensure it is not acquiring personal information. Coakley said Friday she is concerned about reports "Street View" acquired payload data over Wi-Fi networks. The data could be used to obtain e-mail addresses, passwords and bank account information. Other federal and state officials, and foreign governments have made similar queries.... read more» 
   
 
 Time to wake up to cyber threat: experts 
 (from Yahoo at 19-6-2010) 
 NATO governments and the public must wake up to the threat of cyberattacks, which could paralyse a nation far more easily than conventional warfare, experts warned Friday. "Cybercrime and cyberespionage are topics that can't be ignored," said Melissa Hathaway, a former US cyber tsar, at a conference in Estonia organised by the trans-Atlantic alliance's IT defence unit.... read more» 
   
 
 Confidential personal information stolen from Kent Police 
 (from Computer Weekly at 19-6-2010) 
 The Information Commissioner's Office (ICO) has found Kent Police in breach of the Data Protection Act. Documents containing confidential personal information were stolen from a police officer's car while it was parked overnight at a residential address. The information was passed to a local police station after being found the following day in a nearby street by a member of the public. An ICO investigation found that the officer had not used his secure briefcase to transport the papers, nor ... read more» 
   
 
 Most web attacks come via compromised legitimate websites 
 (from Computer Weekly at 19-6-2010) 
 About 90% of web attacks take place through legitimate, compromised websites, up from 80% in 2009, according to Symantec Hosted Services (SHS). In theory almost any web site is capable of hosting malware or forwarding to a site that does, said Dan Bleaken, senior malware data analyst, SHS. One compromised website, visited by an unsuspecting user, may be all that is required to breach the defences of a business, he said.... read more» 
   
 
 Intuit Blames Maintenance Glitch for Web Outage 
 (from The Wall Street Journal at 19-6-2010) 
 Intuit Inc. blamed a snafu during a maintenance procedure for a prolonged website outage that left consumers and small businesses without access to online versions of the company's accounting and tax software. Intuit's products include TurboTax, Quicken, and the QuickBooks accounting program used by many small businesses. The three online services associated with those products went offline Tuesday evening and were unavailable for about 24 hours.... read more» 
   
 
 Oracle taps top attorney Boies for SAP suit 
 (from Computer World at 19-6-2010) 
 The case dates to March 2007, when Oracle sued SAP and its one-time subsidiary, TomorrowNow, which provided lower-cost support for Oracle applications, claiming TomorrowNow workers had illegally downloaded software from its support systems. SAP has said the employees were authorized to download the materials on behalf of TomorrowNow customers, while also admitting some "inappropriate downloads" had occurred. But the information remained in TomorrowNow's systems, meaning SAP had no access to ... read more» 
   
 
 Report Calls for International Coordination on Cybersecurity 
 (from Security Watch at 19-6-2010) 
 The EastWest Institute and the Data Security Council of India released a report today laying out several recommendations to begin building the legal, technical and administrative foundations for an international system to secure cyberspace. The study, The Cybersecurity Agenda: Mobilizing for International Action, calls for the collaborative use of defensive technology, information gathering, astute analysis and traditional diplomacy to defend global information and communications systems.... read more» 
   
 
 Police Bring Down Major Card-Cloning Network, 178 Arrested In Europe, Australia, U.S. 
 (from cyberinsecure at 19-6-2010) 
 A two-year-long investigation into an international credit-card fraud ring has culminated with the arrest of 178 individuals and dismantling of numerous credit-card cloning laboratories. Authorities estimate that, while it was operational, the cybercriminal network, with branches in several European countries, the U.S. and Australia, has stolen almost $25 million. According to the Spanish National Police (Policía Nacional), the investigation began almost two years ago in the city of Valencia,... read more» 
   
 
 Number Of Infected PDF Files On The Rise, .RU Most Abused By Malware Hosters 
 (from cyberinsecure at 19-6-2010) 
 Avira reports that the number of PDF documents rigged with malware rose by 50 percent in May compared with the previous month. Data gathered by the company also reveals that .ru was the preferred country code TLD for hosting malware and that .br had the largest number of phishing websites. According to the German antivirus vendor, the most abused file extensions were exe, txt, php, jpg, dll, pdf, gif and com, while 31% of all malicious files detected had no extension at all. Even though the i... read more» 
   
 
 Microsoft Sues Spammers Who Abused Its Spam Filters 
 (from eSecurity Planet at 19-6-2010) 
 Microsoft said it has filed suit to get the perpetrators behind one of the "largest ever" spam attacks on Windows Live Hotmail. The suit was filed last week in U.S. District Court, but was just publicized Thursday night on Microsoft's (NASDAQ: MSFT) On the Issues blog by John Scarrow, general manager of safety services. What's perhaps most unique about the spammers' method of attack is the fact that they used Microsoft's anti-spam filtering technologies in perpetrating their crimes.... read more» 
   
 
 Self-destructing data to protect personal details 
 (from PC Pro at 19-6-2010) 
 A Dutch scientist has developed a system of deleting private details from databases automatically with pre-set time bombs that ensure redundant personal data is not left festering on company hard drives. Dr Harold van Heerde of the Centre for Telematics and Information Technology at the University of Twente says his database software allows information to degrade as it becomes less relevant to the company or organisation holding the data.... read more» 
   
 
 From prediction to prophecy: The 2010 threat landscape 
 (from ZDNet at 19-6-2010) 
 “Preventing infections from cross pollinating between virtual machines will be key in securing virtual movements of servers.” June 2010: With the ongoing progression of virtualization, it becomes important to treat each virtual machine as if it were a physical box. For example, a worm could easily hop inter-VM on the same machine to another machine that has a completely different set of access credentials, creating a more potent infection. Virtualization adds another level of complexity, furt... read more» 
   
 
 Facebook Chides Privacy Coalition Over 'Open Letter' 
 (from IT News at 18-6-2010) 
 Facebook released a point-by-point rebuttal to an open letter about privacy from consumer watchdog groups this week, saying that it already created measures to protect user privacy and that its instant personalization pilot program has been greatly misunderstood. The first open letter, sent Wednesday by a group of privacy advocates including the American Civil Liberties Union and Electronic Frontier Foundation, demanded that Facebook address "outstanding privacy problems" such as letting thir... read more» 
   
 
 New York A.G. goes after child pxxx on social networks 
 (from IT News at 18-6-2010) 
 New York Attorney General Andrew Cuomo has created a database aimed at keeping child pxxxography off of social networking sites like Facebook and Myspace. The database holds digital signatures of more than 8,000 child pxxxography images. According to Cuomo's office, each signature is akin to a digital fingerprint. Social networking companies can use the database to monitor their sites for any of these signatures and keep the pxxxographic images from appearing on their sites.... read more» 
   
 
 Google's Street Cars WiFi data sniffing captured passwords, email 
 (from ComputerWorldUk at 18-6-2010) 
 WiFi traffic intercepted by Google's Street View cars included passwords and e-mail, according to the French National Commission on Computing and Liberty (CNIL). CNIL launched an investigation last month into Google's recording of traffic carried over unencrypted Wi-Fi networks, and has begun examining the data Google handed over as part of that investigation.... read more» 
   
 
 Qualcomm chip maker in Europe antitrust probe 
 (from ComputerWorldUk at 18-6-2010) 
 Qualcomm faces another antitrust complaint in Europe, this time filed by Icera, a UK fabless semiconductor company. Icera focuses on mobile broadband, developing wireless modems for USB sticks, laptops and smartphones. Qualcomm argues that the complaint is similar to previous charges that were dropped. "We do note, however, the similarity between Icera's allegations and those in complaints made previously to the EU, which apparently failed to persuade the Commission and were ultimately withdr... read more» 
   
 
 Amazon patents social network 
 (from ComputerWorldUk at 18-6-2010) 
 You better stop what you're doing right there, Mark Zuckerberg: Somebody else has patented the "social network." The United States Patent and Trademark Office on Tuesday awarded a patent to Amazon for a "social networking system" that would seem to accomplish the exact same tasks already performed by the likes of Facebook, MySpace and Friendster. Amazon now holds the patent for "A networked computer system [that] provides various services for assisting users in locating, and establishing cont... read more» 
   
 
 Intuit small business service sites go down 
 (from ComputerWorldUk at 18-6-2010) 
 Users trying to access Intuit's small business software online were finally in luck. Intuit said that its various websites, including TurboTax Online and QuickBooks Online, were restored after being brought down in a site outage Tuesday night. The company said the outage was caused by a power failure that affected Intuit's primary and backup systems during routine maintenance. The issue knocked "a number" of Intuit's websites and services offline.... read more» 
   
 
 Social networking 'can attract cyber criminals' 
 (from computeach at 18-6-2010) 
 People who give much away in social networks are at risk of becoming victims of identity fraud, according to IT security expert Robert Schifreen, who is also a reformed hacker. "If you put out on the internet in general things like your date of birth, where you were born, what your mother's maiden name is - those are the same bits of information that banks want to know for security questions," he said. He went on to say that fraudsters find it very easy to guess a person's passwords after... read more» 
   
 
 Heading for the clouds 
 (from Economist at 18-6-2010) 
 With its Linux kernel and browser-based interface, Chrome OS promises to be every bit as breezy and light on its feet as GeoWorks was in its day. With more and more applications now residing on the internet rather than on a user’s own hard-drive, Google’s browser-based operating system could be a fitting replacement for Windows XP in an age when computing has headed from the desktop to the clouds.... read more» 
   
 
 EuroBSDCon from 8th - 10th Oct 2010 
 (from eurobsdcon at 18-6-2010) 
 We want to welcome you to the next EuroBSDCon Date : Friday, October 8, 2010 - Sunday October 10, 2010 Location: Western Queens Hotel Karlsruhe, Karlsruhe, Germany We invite you to the event. This will be a great time to learn more about the powerful BSD systems we use everyday and to connect with other developers from Europe and other parts of the world. Conference Activities * Presentations on a variety of BSD topics * Half- and/or full-day tutorials for in-depth learnin... read more» 
   
 
 Obama to be given the right to shut down the internet with 'kill switch' 
 (from Daily Mail at 18-6-2010) 
 President Obama will be given the power to shut down the Internet with a 'kill switch' in a new law being proposed in the US. He would be able to order popular search engines such as Google and Yahoo to suspend access to their websites in times of national emergency. Other US based Internet service providers as well as broadband providers would also come under his control in times of a 'cybersecurity emergency.' Any company that failed to comply would be subject to huge fines.... read more» 
   
 
 Intuit Web sites come back online 
 (from CNet at 18-6-2010) 
 Intuit's several Web sites, including Quicken Online and QuickBooks Online, are back online following a major power outage that took the sites down Tuesday evening. In a statement released Thursday morning, Intuit said that after working throughout the night on Wednesday it had restored service to the customer sites that were down since 7 p.m. PDT Tuesday as a result of the outage. Those sites include Intuit's core Web site, QuickBooks Online, Quicken, QuickBase, and TurboTax Online. Intuit a... read more» 
   
 
 Google Urged To Let Personal Data Fade Away 
 (from Slashdot at 18-6-2010) 
 Researchers say personal information should 'degrade' — becoming less specific over time — to protect users' privacy. Rather than amassing personal data and holding on to it as long as legally possible, companies such as Google should allow the data to degrade over time, according to researchers. In an interview with the BBC this week, Dutch researcher Harold van Heerde discussed his work on the idea of allowing data to become less specific over time. Letting the specifics gradually disappe... read more» 
   
 
 Pxxnographic sites now account for more than a third of websites 
 (from scmagazineuk at 18-6-2010) 
 Adult-oriented websites now account for over a third of sites on the internet. A report by Optenet found that websites related to online role-playing games have grown by 212 per cent, while websites that contain violence, terrorism content and illegal drugs purchase have also grown. Ana Luisa Rotta, director of child protection projects at Optenet, said: “Security of minors is a major factor for parents and guardians. Additionally, some of these games provide a wide number of communication ... read more» 
   
 
 Paraguayan Government Website Hosts Phishing Data 
 (from thenewnewinternet at 18-6-2010) 
 Phishing gangs are growing increasingly bold, evinced by researchers finding phishing data on a website owned by the Paraguayan government. Sunbelt researchers discovered that a website belonging to the Paraguayan government is hosting data on banks and insurance companies in the United Kingdom gathered through phishing attacks. The researchers have notified the website owners regarding the data cache. Typically, researchers will sit on the data and try to learn more information about the cyber c... read more» 
   
 
 Room for two? CERTainly 
 (from ComputerWorld at 18-6-2010) 
 There’s enough cybercrime for Australia’s twin Computer Emergency Response Teams (CERTs), but some say bad blood simmers in the wake of failed negotiations and allegations of staff poaching. The relationship deteriorated between the industry-led veteran AusCERT and the newly-crowned government agency CERT Australia after the agencies could not agree on subsidies for additional services. In its submission to a government e-security review, AusCERT said the agency should be better integrated... read more» 
   
 
 French Data Protection Agency Says Three Strikes Is Allowed 
 (from Techdirt at 18-6-2010) 
 France's "three strikes" Hadopi program was originally supposed to go into effect in January (technically, it did...), but concerns about how this conflicted with European and French data privacy laws resulted in holding off on actually enforcing the law. However, it looks like the French data protection agency has reviewed the law and is now allowing three strikes enforcement to proceed. Apparently, now Hadopi is going to start sending out notices by the end of the month. We had already note... read more» 
   
 
 Palin e-mail hacker sentencing date set 
 (from United Press International at 18-6-2010) 
 A Tennessee man convicted on a charge related to hacking former Alaska Gov. Sarah Palin's e-mail account will be sentenced in September, court records show. A Sept. 24 sentencing hearing was set Wednesday for David C. Kernell, a former University of Tennessee student, who was convicted in April of trying to clear his computer of incriminating evidence after he broke into Palin's account. Kernell faces a jail sentence of 15 months to 21 months, the newspaper said.... read more» 
   
 
 WEP and TKIP Wi-Fi encryption methods to be discontinued 
 (from h-online at 18-6-2010) 
 The Wi-Fi Alliance (WFA) trade group tests Wi-Fi devices for their conformity with the IEEE standards and for their interoperability. The certificate ("Wi-Fi certified") issued for devices which pass the test is to ensure that devices sold by different vendors can co-operate. Over the coming three years, the outdated WEP and WPA-TKIP Wi-Fi encryption methods are to be removed from the WFA's test schedule. The IEEE standards association had already put the WEP standard, which is known to be unsaf... read more» 
   
 
 Microsoft program to provide new way to report stolen data 
 (from USA Today at 18-6-2010) 
 A new program being spearheaded by Microsoft is designed to provide a trusted way for researchers to report stolen credit card numbers and other data they've found in the dark corners of the Internet. Establishing that link is important because when a researcher finds stolen data, it can be hard to convince a bank or another affected institution that the data is legitimate. The lost time can mean the difference between someone's identity being used for fraud, and stopping a fraud before it oc... read more» 
   
 
 Authorities Indict 26 In Connection With City ID Theft Ring 
 (from statenisland at 18-6-2010) 
 The New York City Police Department has arrested 26 people, mostly natives of Nigeria, who were allegedly in the business of stealing identities and stole at least $5 million. They allegedly affected more than 200 soldiers, many of whom were unaware of what was happening, since they were serving overseas. Some of the soldiers were even on active duty in Afghanistan and Iraq. "In fact, one soldier came home last Christmas, only to discover his bank account had been emptied," said ... read more» 
   
 
 Facebook urged to strengthen privacy protections 
 (from Los Angeles Times at 18-6-2010) 
 Facebook continues to face criticism over privacy protections at its social networking website. Privacy and civil liberties groups on Wednesday urged Facebook to address issues they say violate the privacy of the site's more than 400 million users. In an open letter to Facebook Chief Executive Mark Zuckerberg, the groups applauded steps the company has taken to make it easier for users to change privacy settings. But it asked for additional measures, such as allowing users to control all of t... read more» 
   
 
 3 Weeks After Arrest, Still No Charges in Wikileaks Probe 
 (from Wired at 18-6-2010) 
 An Army intelligence analyst suspected of leaking classified information to Wikileaks has still not been charged with any crime, three weeks after being arrested and put in pre-trial confinement. PFC Bradley Manning, 22, is being held at Camp Arifjan in Kuwait, and has been assigned a military defense attorney. The Army and State Department are investigating claims Manning made to an ex-hacker in online chats that he disclosed classified information. An Army legal advisor in Washington, D.... read more» 
   
 
 Four critical US cybersecurity projects that need constant pressure 
 (from NetworkWorld at 18-6-2010) 
 When it comes to our nation's information systems and cyber infrastructures, the hackers never stop trying to smash it and the government should never stop trying to protect it. But while threats to information systems are evolving, federal information systems in particular are not keeping up to consistently thwart threats. That was part of the conclusion reached in a report issued this week by watchdogs at the Government Accountability Office, which concluded that serious and widespread inf... read more» 
   
 
 Experts warn of the dark side of enterprise 2.0 
 (from NetworkWorld at 18-6-2010) 
 At the Enterprise 2.0 Conference, you'd expect to hear people extolling the benefits of using social media tools at a company, but you might not expect to hear about the dark side. And there is a dark side that ranges from the obvious -- information overload and employee burnout -- to issues that might be less obvious -- such as an increased feeling of isolation and letting the "loud talkers" assume a position of expert voice. "Sometimes you just have to turn all that crap off," Greg ... read more» 
   
 
 N.Y. attorney general tackles child pxxn on social networks 
 (from CNet at 18-6-2010) 
 New York Attorney General Andrew Cuomo has spearheaded the creation of a database of "digital fingerprints" to flag child pxxnography and keep it off social networks, his office announced Thursday. With the hash values of over 8,000 known child-pxxn images stored in the database, Cuomo said that he hopes its intended clients--social-networking, file-sharing, and photo-storage sites--will start to use it "immediately." Facebook and MySpace have already signed on as partners in the new initi... read more» 
   
 
 Study: net neutrality could lead to 'devastating' job losses 
 (from Arstechnica at 18-6-2010) 
 If you're looking for the Armageddon version of net neutrality analysis, search no further than a new study released by New York Law School's Advanced Communications Law & Policy Institute. The assessment, titled Net Neutrality, Investment & Jobs, damns the Federal Communications Commission's proposed net neutrality rules as "destabilizing" and suggests they could "place the nation's economy at even greater risk." The passage of such rules "could have devastating impacts across the ecosystem... read more» 
   
 
 Deadly 'Star Wars lightsabre' sold in UK 
 (from Metro at 18-6-2010) 
 A deadly 'Star Wars lightsabre' is being sold to UK consumers for just £135. The 'Star Wars' style device produces a laser that can burn skin and cause instant blindness. But junior Jedis hoping to recreate the clash between Obi-Wan Kenobi and Darth Vader should think again, as the Spyder III Pro Arctic is not a toy and its force could prove deadly, according to the manufacturer. The 1watt tool, said to be the world’s most powerful portable laser, features a blue ray that is 1,000 times s... read more» 
   
 
 Hackers respond to security breach linked with iPad 
 (from TopNews at 18-6-2010) 
 Goatse Security, the hackers supposedly blamed for the iPad security breach, have answered back the carrier's letter sent to the 114,000 customers affected, claiming that they had no hand in alerting the media (Gawker), and may be a work of Chinese hackers. The blog that appeared on the Gizmodo's site from Gawker was alerted to the security issue last week by Goatse Security, stating: "If not for our firm talking about the exploit to third parties who subsequently notified them, they would have ne... read more» 
   
 
 Execs undermine IT security 
 (from ZDNet at 18-6-2010) 
 High-level executives are one of the biggest social engineering risks for organisations, according to a security expert. Senior executives often demand that exceptions be made to security rules and policies for their convenience at the expense of security, Jayson Street, CIO and managing partner of Stratagem 1 Solutions, said on Thursday at the network security conference track. This practice makes it easy for cybercriminals to successfully gain access to corporate networks by impersonating... read more» 
   
 
 Apple is the new hacker bulls-eye 
 (from CNN at 18-6-2010) 
 When Apple was just a niche maker of Mac computers and only truly popular among college students and graphic designers, hackers paid little attention to the company. Instead, they focused on Microsoft, which had more than a 90% share of the PC operating system market. Those days are over. Recent iPad security scares are a sign that Apple's devices are a growing target for hackers, spammers and malicious coders. "Market share is a pretty good indicator of who hackers are going after," said ... read more» 
   
 
 Beating China, India turns world’s top spam source 
 (from Hindustan Times at 18-6-2010) 
 That email offer for a bulk discount on Viagra or for a million dollars from a Nigerian benefactor clogging your inbox may actually have emanated pretty close to home. A series of recent reports by Internet security companies found India has become the top spam-producing nation. After tracking over 3 million spam messages for the week ending June 13, ICSA Labs found the maximum number, 424,224 — or 14 per cent — originated from India. The second biggest source was Russia with 11.5 per cent... read more» 
   
 
 Thai Justice Ministry Shuts 43,000 Websites Insulting Monarchy 
 (from Bernama at 18-6-2010) 
 The Justice Ministry has closed 43,000 websites insulting to the Thai monarchy and is planning to shut another 3,000 websites which might contain lese majeste (crime violating majesty) offenses, Thai News Agency reported Thursday. Its minister Pirapan Salirathavibhaga said his ministry is also tracking two people who had committed lese majeste and had fled abroad. However, no further details were given on the two people. Under the Internal Security Act and the Computer-related Offenses Act of 2007,... read more» 
   
 
 Tory MP back in control after x-rated hack attack 
 (from PCPRO at 18-6-2010) 
 Tory MP Therese Coffey has had to move quickly to counter a hack attack of her Twitter, Facebook and blog pages. The attacks appear to have begun yesterday evening when the MP for Suffolk Coastal's Twitter account began sending out sexually explicit messages to followers, and the MP says her Facebook account and blog were also attacked. Her Twitter postings contain sexually-explicit comments about Prime Minister David Cameron's wife, and a threat that Tim Montgomerie, founder of the Conser... read more» 
   
 
 UN warns that organized crime is fueling growing threat to global security 
 (from Google at 18-6-2010) 
 The U.N. drug and crime czar warned Thursday that international crime syndicates pose a growing threat to global security and called for a new campaign to disrupt the markets for their illicit goods and activities in the U.S. and other rich nations. Antonio Maria Costa told a high-level General Assembly meeting that demand for illegal drugs, diamonds and other items is fueling transnational organized crime and while arresting some traffickers may divert the flow of goods it will not shut them... read more» 
   
 
 Computer hacker used fraud money to buy Porsche and gold 
 (from Telegraph at 18-6-2010) 
 Alistair Peckover, 21, systematically defrauded legitimate online businesses and unsuspecting members of the public with his self-taught computer skills. Peckover, of London Road, Hailsham, East Sussex, was jailed for 20 months at Southend Crown Court in Essex after admitting two counts of fraud. A further 50 offences were taken into consideration, Sussex Police said. Using sophisticated computer programmes, some of which he wrote himself, ''obsessive loner'' Peckover remotely viewed f... read more» 
   
 
 Mobile phones used to get past China's Internet censors 
 (from CNN at 18-6-2010) 
 The mobile web in China has loopholes where content could go under the radar of government censors, analysts say. "It could be anything else the government normally frowns upon or does not consider healthy, which could be political content to pxxnographic content," said Mark Natkin, managing director of Beijing-based Marbridge Consulting, a market research and strategy consultant firm....read more» 
   
 
 Feds Start Move to Reimpose Rules on ISPs 
 (from Wired at 18-6-2010) 
 The FCC began in earnest Thursday to assert its primacy on how the internet will be governed, crafting rules that will have a long-term impact on the devices, services and apps we’ll be able to use on broadband. The agency, which regulates the nation’s communications services, is scrambling to find solid legal ground to keep an eye on broadband providers, after a federal court ruled it lacked the authority to force ISPs to adhere to its so-called “Internet Freedoms.” Under the proposed rules,... read more» 
   
 
 Terror data handover seriously flawed 
 (from The Register at 18-6-2010) 
 The European Union has redrafted its agreement with the US Treasury which requires Europe’s financial institutions to transfer details of global financial transactions to the US. The revised Draft Agreement is to be put to the European Parliament in July for approval, despite a text containing significant privacy defects and obvious areas of drafting in need of urgent attention. The Draft Agreement often refers to “terrorism or terrorist financing” without defining what “terrorism” is, or wha... read more» 
   
 
 Vodafone customers collaborate to chart coverage 
 (from reghardware at 18-6-2010) 
 If you think network coverage maps are untrustworthy and always favour the supplier, here's a way to put them straight. Vodafone has introduced a real-time UK coverage map, displaying the individual signal strengths of their customers. It requires punters to send in this information. Twitter users can tweet details by entering #vodafonesignal followed by location, connection type, signal strength in bars, whether you're indoors or not and which handset model you use.... read more» 
   
 
 Homeland Security has failed on US network security readiness: report 
 (from ComputerWorldUk at 18-6-2010) 
 US lawmakers questioned Wednesday whether the US Department of Homeland Security has the authority or resources it needs to protect the nation against cyberattacks. Some members of the House of Representatives Homeland Security Committee raised concerns about the number and quality of workers the cybersecurity division of DHS is able to recruit, and others asked whether DHS needs more authority from Congress to force other agencies to make changes to their cyber defences. The US government... read more» 
   
 
 Watch out for fake Facebook links from friends 
 (from wmbfnews at 18-6-2010) 
 As summer vacations start and people want to post pictures, videos, and updates, cybercreeps are on the hunt trying to get you to click on bad links. According to Facebook, they have more than 400 million active users and each one has on average 130 friends. People are spending over 500 billion minutes per month on Facebook. Former White House cyber expert Theresa Payton says cyberscumbags go where the action is so it's no surprise that they are up to some new tricks trying to dupe you ... read more» 
   
 
 San Antonio 2010 - SANS Security Leadership Essentials For Managers with Knowledge Compression 
 (from SANS at 18-6-2010) 
 This completely updated course is designed to empower advancing managers who want to get up to speed quickly on information security issues and terminology. You don't just learn about security, you learn how to manage security. Lecture sections are intense; the most common student comment is that it's like drinking from a fire hose. The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project. Additional... read more» 
   
 
 Beyond Firewalls And Encryption - Firewalls can be circumvented by redirecting traffic or using encrypted tunnels 
 (from Forbes at 18-6-2010) 
 The dramatic rise of consumer identity theft and corporate data leaks has placed tremendous focus on Data Loss Prevention (DLP) technologies. The U.S. Federal Trade Commission reports that over 9 million Americans have their identities stolen annually. In response, federal and state governments as well as industry regulators have enacted laws requiring organizations to improve handling of sensitive data and breach notification. Additionally, the cost of data breaches has risen as organizations a... read more» 
   
 
 Is the U.S. prepared for cyber war or are we sitting ducks? 
 (from infosecisland at 18-6-2010) 
 Before I say anything at all, please eyeball this quote from 60 Minutes by Admiral Mike McConnell, previously chief of national intelligence who oversaw CIA, DIA, and NSA, regarding the cyber terrorism and the US electricity infrastructure: "If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, and I probably would sack electric power on the U.S. East Coast, maybe the West Coast, and attempt to cause a casc... read more» 
   
 
 Compliance != Security - One can be in compliance and still be vulnerable to easy attacks 
 (from Pivotal Security at 18-6-2010) 
 In this post I am going to express my disappointment with a disturbing trend – more focus is being given to compliance than security. I don’t have anything personal against compliance, in fact, in my last job, I was IT Audit Manager and performed compliance related audits. While compliance is necessary and important, it is not sufficient from security perspective. One can be in compliance and still be vulnerable to easy attacks. Below are few examples- 1. PCI 2. HITEC 3. SAS 70... read more» 
   
 
 Obama internet 'kill switch' proposed 
 (from Sydney Morning Herald at 18-6-2010) 
 US President Barack Obama would be granted powers to seize control of and even shut down the internet under a new bill that describes the global internet as a US "national asset". Local lobby groups and academics have rounded on the plan, saying that, rather than combat terrorists, it would actually do them "the biggest favour ever" by terrorising the rest of the world, which is now heavily reliant on cyberspace. ... read more» 
   
 
 Intuit back online after power failure cuts services 
 (from v3 at 18-6-2010) 
 Small business financial and accounting firm Intuit is back online after an outage in its Quicken, Quickbooks and Turbo Tax online services. Some of the company's cloud services shut down abruptly yesterday and users were left in the dark and unable to file tax returns or accounts. The company says it has now solved the problems and customers will be able to begin work again.... read more» 
   
 
 Hackers use Google trending topics to spread malware 
 (from EXAMINER at 18-6-2010) 
 The Google trends are once again a mix of hot trends, including the Gulf Oil Spill, Michael Jackson, Miley Cyrus, Microsoft and Microsoft Kinect. Unfortunately, those who are searching for more information on a trending topic are being lured in by hackers who don't provide anything more than an unhealthy dose of malware, a term used for malicious software.... read more» 
   
 
 Google trends hacked 
 (from EXAMINER at 18-6-2010) 
 If you keep up with Google trends, you may have noticed that the trends were a bit unusual today. Not only was the top spot an offensive phrase ("lol" followed by the N-word), the rest of the trending topics may have led you to believe there was plenty going on in the world of pet shops, dentists and gift shops. In fact, debt counseling trended the longest, which seemed to be a more believable trend than gift shops or dentists. It looks like hackers were the likely culprit on the Google tr... read more» 
  
