Saturday, March 6, 2010

Internet (Lack of) Security News through March 6th



This Free IT-Security news feed was compiled and is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.  They offer a 30 day complimentary subscription. 


Visit them at www.e-secure-it.com or email more-info@e-secure-it.com for more information on their available services.




Thanks for Visiting - Bookmark us or Add to your Favorites and Find Out What's Going on Tomorrow in the Payments Industry


























































































































































































































































































































































































































 New Massachusetts Data Privacy Law Adds Incentive For Strong Database Security 
 (from DarkReading at 6-3-2010) 
 Database administrators and database security professionals this week faced a new set of regulatory pressures for protecting stores of sensitive personal data with the enactment of Massachusetts' landmark data privacy law. After regulators granted over a year's delay of compliance enforcement, the Massachusetts Data Privacy Law 201 CMR 17 finally went into effect on March 1. Unlike most of today's state-based data privacy laws, which primarily focus on public disclosure once a breach occurs, ... read more» 
   
 





 Cyber-terrorism a growing threat 
 (from The News at 6-3-2010) 
 Terrorists, crooks and nation states are ramping up cyber-assaults that are eating away at data, cash and security in the United States, the head of the FBI warned. “The risks are right at our doorsteps and in some cases they are in the house,” Federal Bureau of Investigation chief Robert Mueller said in a Thursday speech at an RSA Conference of computer security professionals here. “Working together we can find the people taking shots at us and stop those attacks.” Mueller was the third h... read more» 
   
 





 Money is the motivation for cybercrime 
 (from Vanguardngr at 6-3-2010) 
 Lanre Ajayi is the president of the Nigeria Internet Group and the managing director of Pinet Informatics, one of the first Internet service providers in Nigeria. In this interview, he bares his mind on why no economy can exist without fundamental ICT infrastructure. Internet fraud is still a major challenge in the country. How, in your view, can the nation adequately curb the menace? I agree with you that Internet fraud, particularly the scam mail, is a huge challenge to Nigeria. The ... read more» 
   
 





 Social media security made easy 
 (from Sophos at 6-3-2010) 
 I just returned from RSA 2010, where one of the most discussed topics was social media security. Those of us in the business use the term social media quite frequently, but what we are really referring to is Facebook, Twitter, Buzz, Bebo, Friendster, LinkedIn and MySpace, among others. Many visitors to the Sophos booth expressed their frustrations over the dilemma of how to make social media available to their staff for business reasons without exposing themselves to unnecessary security risk... read more» 
   
 





 Analyst: Google Hacked by Amateurs 
 (from macobserver.com at 6-3-2010) 
 Reports that China's government was behind cyber attacks on Google and several other companies may be wrong, and instead was the work of amateurs, according to the technology security company Damballa. The company recently completed its own analysis of the attacks designed to access Gmail accounts along with company secrets and found that the tools used by the hackers seem to indicate they weren't professionals. In its report, Damballa said "The attack is most notable, not for its advanced us... read more» 
   
 





 Software Patching Too Much Trouble For Most 
 (from Information Week at 6-3-2010) 
 The U.S. government is so flummoxed by the insecurity of computers that it has launched a contest to find someone who can create an effective way to educate people about computer security. It's clear there's a problem. Recent legal action in Spain and in Virginia against the Mariposa botnet and the Waledac botnet, two of the ten largest botnets that controlled tens of millions of hijacked computers, offers a reminder of just how many compromised computers are out there. These aren't just pers... read more» 
   
 





 Does Wi-Fi make your laptop more vulnerable to thieves? 
 (from InfoWorld at 6-3-2010) 
 It was a startling claim: Like a virtual trail of cookie crumbs, your laptop could be beaming out invisible signals that are attracting intrepid thieves armed with a common $5 gadget. This alarming scenario comes by way of a press release from security vendor Credant Technologies. Citing a news report from Jamaica, Credant's vice president of marketing, Sean Glynn, notes that "low-cost key fob Wi-Fi detectors for under a fiver, and quite sophisticated directional detectors for around the 30 ... read more» 
   
 





 Thieves target your identity 
 (from Mysanantonio at 6-3-2010) 
 Frank Auditore had his identity jacked the old school way: a neighbor in his far North Side subdivision broke into his truck and snatched a satchel filled with vital documents. Within months, Auditore, a 50-year-old airplane mechanic, started receiving phone calls about hot checks and he was slapped with a $3,200 phone bill. “The only thing that saved me was he wasn’t that smart,” said Auditore, who helped Bexar County authorities catch the thief. Situations like Auditore’s, where docum... read more» 
   
 





 Flawed Security Exposes Vital Software to Hackers 
 (from The New York Times at 6-3-2010) 
 McAfee, a leading maker of Internet security software, warned this week that software systems used by many companies to store and manage their intellectual property are being actively targeted by hackers and are in need of significantly increased security focus. McAfee’s assessment follows its work with several companies to help them recover from a wave of attacks last year — dubbed “Operation Aurora” — that affected the computer networks of Google and more than 30 other companies, many in Si... read more» 
   
 





 Phishers Targeting More (And Bigger) Fish 
 (from esecurityplanet at 6-3-2010) 
 Online phishers these days are casting a much wider net and have become infinitely more much skilled at reeling in access credentials to high-value targets, such as corporate banking systems and VPN networks, according to the latest phishing activity report (PDF format) from the Anti-Phishing Working Group (APWG). While popular online sites and brands, such as Amazon, eBay (NASDAQ: EBAY) and Facebook are still phishers' playgrounds, tinier prey -- like small credit unions in the Upper Peninsu... read more» 
   
 





 Firms slow to awaken to cybersecurity threat 
 (from Law at 6-3-2010) 
 An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn't read like the messages the firm's attorneys usually sent each other — didn't pass the "smell test." His suspicions raised, the recipient, associate Gregory Fayer, picked up the phone and discovered that the colleague who supposedly sent the e-mail knew nothing of it. Other attorneys at the firm also received the bogus e-mail, which was eventually traced to China — where Gipson... read more» 
   
 





 Jail Sentences Not Certain For Mariposa Botnet Authors 
 (from SecurityProNews at 6-3-2010) 
 Although the three men believed to be behind the Mariposa botnet were recently identified and arrested by Spanish authorities, it looks like they may avoid serving any jail time for their online trespasses. Spain's cybercrime laws are quite weak at the moment. According to Brian Krebs, Captain Cesar Lorenzana, who works for the Spanish Civil Guard, explained that prison sentences typically aren't associated with deeds committed from behind a keyboard. Plus, some things simply aren't against ... read more» 
   
 





 New Bill May Effectively Prevent Domestic Violence with GPS Tracking 
 (from brickhousesecurity at 6-3-2010) 
 In New York, Assemblyman Felix Ortiz is working hard to enact a new bill that would protect domestic violence victims by requiring any person with an order of protection issued against them to wear a GPS tracking device. The family of Erika Delia took to the steps of CIty Hall with Ortiz to express their support of such a bill. In 2007, Erika Delia was murdered by her ex-boyfriend who she had previously had a restraining order on. And just recently a woman in Flushing was murdered by a man wh... read more» 
   
 





 China Google hacks are just tip of the iceberg 
 (from ComputerWorldUk at 6-3-2010) 
 Recent Internet attacks from China against Google and other US companies will more than double this year if the pace during the first two months continues, a security expert says. This type of attack has been increasing over the past two years, with F-Secure spotting 1,968 such examples in 2008, 2,195 in 2009 and 895 so far this year, said Mikko Hypponen, chief research officer for F-Secure, who during RSA Conference held a private briefing on the attacks. Unlike other malware attacks, the... read more» 
   
 





 Cloud security, cyberwar top agenda at RSA Conference 
 (from ComputerWorldUk at 6-3-2010) 
 Cloud security loomed over the RSA Conference this week as a major concern of business, but worry about the threat of cyberwar was also strong, with officials from the White House and FBI weighing in to encourage private participation in government efforts to defend information and communications networks. During the highest profile panel at the conference, a former technical director of the National Security Agency bluntly said he doesn't trust cloud services. Speaking for himself and not... read more» 
   
 





 Cyber security needs global cooperation 
 (from theborneopost at 6-3-2010) 
 Issues relating to cyber security transcend national boundaries.Therefore, tackling security issues relating to ICT even within the country calls for international cooperation, noted CyberSecurity Malaysia’s chief executive officer Lt Col (B) Husin Jazri. CyberSecurity Malaysia is an agency under the Ministry of Science, Technology and Innovation entrusted with the task of managing cyber security, including safety in the Internet. “The culture of sharing information with its counterpart ov... read more» 
   
 





 Is chasing cybercrooks worth it? 
 (from CNN at 6-3-2010) 
 This week's arrests of three men in connection with one of the world's largest computer-virus networks may seem like great news -- perhaps even a sign authorities are starting to win the war against cyberthieves. But the real situation is more complicated. Internet crime is up, but arrests of "mastermind" hackers are rare. And the whole get-the-bad-guys effort, while it makes for good drama, is a futile way to secure the Internet, some computer security experts say.... read more» 
   
 





 Why the White House Won’t Release a Key Cyber Paper 
 (from infowar-monitor at 6-3-2010) 
 Even as the new government-wide cyber coordinator, Howard Schmidt, pledged to promote transparency as the government moves to protect cyberspace, the administration won’t release a legal memorandum that many, including the one-time head of its cyber security review, hoped would be made public. The memo was drafted as an appendix to the White House Cyberspace Policy Review led by Melissa Hathaway, at the time the acting senior director for cyber issues at the National Security Council. Hathaw... read more» 
   
 





 Up to 90% of UK companies may not comply with PCI security standards 
 (from ComputerWorldUk at 6-3-2010) 
 New research shows that 89 percent of UK companies are not compliant with the Payment Card Industry Data Security Standards. The independent research, commissioned by security solutions provider Tripwire and carried out by Redshift Research, surveyed 100 businesses in the retail, financial services and hospitality sector. Companies in the UK are required to reach full compliance, by taking measures to protect customer card details, by the deadline of 30 September 2010. However, the res... read more» 
   
 





 Hackers corrupt source code to spy on firms, warns FBI director 
 (from ComputerWorldUk at 6-3-2010) 
 Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the US Federal Bureau of Investigation said. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China - the presumed source of the attack ... read more» 
   
 





 Sender authentication effective, but no panacea against spam 
 (from allspammedup at 6-3-2010) 
 How effective is sender authentication in contributing to the fight against spam? A recent analysis of Microsoft’s email volumes revealed some interesting findings on the subject. The analysis conducted by Terry Zink studied the impact of two sender authentication technologies, DKIM and SPF, on his company’s email flows. DKIM, or DomainKeys Identified Mail, allows the sender of an email message to take responsibility for it while it’s in transit. It’s a way to validate a domain name identi... read more» 
   
 





 Singapore tightens measures to prevent payment card fraud 
 (from ChannelNewsAsia at 6-3-2010) 
 According to the Association of Banks in Singapore (ABS), card issuers will start implementing the changes with new card applications or renewals in the second half of the year. By April next year, all payment cards - including credit cards and debit cards - will have microprocessor chips embedded into them. And alerts will be sent to card-holders when the cards are used for the first time, or if a transaction exceeds a pre-determined amount. In addition, a one-time password will be requir... read more» 
   
 





 Terrorists are pursuing hacking skills: FBI 
 (from freehacking at 6-3-2010) 
 The Federal Bureau of Investigation (FBI) has raised concern over the usage of internet by international criminals and terror organisations to bolster their attack on countries and their governments. Speaking at an Internet security conference on Thursday, Mar 4, FBI director Robert Mueller warned about the growing threat of cyber crime and explained how a cyber attack could be as detrimental as a 'well-placed bomb'. "Terrorists have shown a clear interest in pursuing hacking skills and th... read more» 
   
 





 More online brands targeted in cybercrime, record high in Q4 
 (from sanjose at 6-3-2010) 
 E-criminals have expanded the base of brands they exploit for online fraud beyond major financial institutions and online merchants, with the number of hijacked brands reaching a record 356 in October, according to a report released Friday. That total is up nearly 4.4 percent from the previous record of 341 in August 2009, according to anti-phishing group APWG, which has offices in Los Altos and Cambridge, Mass.... read more» 
   
 





 Internet-addict couple starve baby to death 
 (from New Zealand Herald at 6-3-2010) 
 A South Korean couple who were addicted to the internet let their three-month-old baby starve to death while raising a virtual daughter online. The pair fed their own premature baby just once a day in between 12-hour stretches at an internet cafe, the BBC reported. Police officer Chung Jin-won told the official Yonhap news agency that the couple "lost their will to live a normal life" after losing their jobs. He said they "indulged themselves online" to escape from reality.... read more» 
   
 





 Submarine cables damaged by Taiwan earthquake 
 (from TeleGeography at 6-3-2010) 
 Taiwanese telco Chunghwa Telecom has announced that several undersea cables have been damaged by the 6.4-magnitude earthquake and aftershocks which struck near the southern Taiwan city of Pingtung, reports IDG News Service. Services were disrupted on Thursday and early Friday, but Chunghwa said that global communications and internet services have now been restored, mainly by rerouting services on undamaged cables.... read more» 
   
 





 FBI: Hackers change source code to spy on firms 
 (from TechWorld at 6-3-2010) 
 Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the US Federal Bureau of Investigation said Thursday. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China - the presumed source of th... read more» 
   
 





 IT professionals recover from recession 
 (from TechWorld at 6-3-2010) 
 A global survey of IT professionals has revealed a fairly upbeat picture of life in the tech department. Hiring is set to rise modestly, budgets are now stable and salaries could even be rising a bit. ISC(2), a UK-based security qualifications organisation, asked just under 3,000 IT people from around the globe how they saw life after a recessionary period that has taken a well-documented toll on spending, hiring and career prospects.... read more» 
   
 





 Copycat China Google hacks are on pace to double this year 
 (from TechWorld at 6-3-2010) 
 Recent Internet attacks from China against Google and other US companies will more than double this year if the pace during the first two months continues, a security expert says. This type of attack has been increasing over the past two years, with F-Secure spotting 1,968 such examples in 2008, 2,195 in 2009 and 895 so far this year, said Mikko Hypponen, chief research officer for F-Secure, who during RSA Conference held a private briefing on the attacks.... read more» 
   
 





 Government could block copyright infringing websites 
 (from TechWorld at 6-3-2010) 
 The government has amended the Digital Economy Bill to give High Court judges the power to block any website with a "substantial" amount of copyright infringing content, such as YouTube. The House of Lords passed the amendment to the controversial Clause 17, which last year raised concerns as it allows the Secretary of State to adjust copyright law in a bid to keep up with technological advances. At the time, the Department for Business, Innovation and Skills (BIS) defended Clause 17, saying ... read more» 
   
 





 Internet hit by wave of ransom malware 
 (from TechWorld at 6-3-2010) 
 Criminals re-used an attack from 2008 to hit the Internet with a huge wave of ransomware in recent weeks, a security company has reported. In the space of only two days, 8 and 9 February, the HTML/Goldun.AXT campaign detected by Fortinet accounted for more than half the total malware detected for February, which gives some indication of its unusual scale. The attack itself takes the form of a spam email with an attachment, report.zip, which if clicked automatically downloads a rogue anti-viru... read more» 
   
 





 Data centers tackling cyber terrorism, slowly 
 (from Network World at 6-3-2010) 
 The data center is receiving more public scrutiny than ever before, with IT managers facing a range of challenges from making systems run more efficiently to protecting computers from cyber terrorism, says AFCOM chief executive Jill Eckhaus The 30-year-old organization for data center managers is holding its twice-yearly Data Center World show from March 7-11 in Nashville, Tenn., where IT folks will learn about the most pressing issues facing data centers today and share their own experiences... read more» 
   
 





 Domestic spying to protect against cyber warfare 
 (from TGDaily at 6-3-2010) 
 Big Brother really is watching you, and checking your emails for evidence you may be plotting a cyber attack on the US government, according to a declassified summary of project Einstein, the US National Security Association’s program to protect the States from cyber warfare. Obama’s administration has decided to let the public know that, yes, just as they suspected, they are being watched and monitored by the NSA, but only, you understand, to protect against cyber war, not for anything sinis... read more» 
   
 





 RSA 2010: PGP president eschews easy answers 
 (from v3 at 6-3-2010) 
 PGP president and chief executive Phil Dunkelberger has predicted that the development of enterprise cloud computing could create legal headaches as well as security issues. Dunkelberger explained that, as companies move critical infrastructures to cloud platforms located elsewhere in the world, the customer's regulatory and compliance rules could come into conflict with those of the company hosting the cloud. "When you go into the cloud, the way data is treated legally is different from when... read more» 
   
 





 Political parties must stick to privacy rules or face action, IC warns 
 (from iwr at 6-3-2010) 
 According to him, political parties must understand important privacy rules when promoting themselves to voters and “keep to them”. The Information Commissioner’s Office (ICO) is issuing updated guidance for political parties and candidates covering a range of communication techniques including direct mail, emails, text messages, phone calling and automated phone calls. The document covers guidance on direct market campaigning, such as encouraging individuals to vote for a particular party or... read more» 
   
 





 Spamhaus: Microsoft's botnet cull had little effect 
 (from ZDNet at 6-3-2010) 
 Microsoft's takedown of the Waledac botnet has not been effective, according to some security researchers. The throttling of Waledac, which Microsoft claimed to have achieved by means of legal action last week, has led to no appreciable reduction of junk mail coming from the botnet, anti-spam organisation Spamhaus told ZDNet UK on Tuesday.... read more» 
   
 





 RSA Keynotes: Howard Schmidt 
 (from garwarner at 6-3-2010) 
 I've always regretted not attending the RSA conference with more than 500 speakers in 15 different tracks, and perhaps never so much as this year. A special disappointment was not attending the Secure Computing Awards dinner where this year they gave out their first Blogger Awards, including "Most Popular Security Blogger", which was awarded to Gary Warner, author of Cybercrime & Doing Time! Thanks to my friends and readers who voted. I was excited when the announcement was made that Howard S... read more» 
   
 





 Westin hotel in LA reports possible data breach 
 (from Computer World at 6-3-2010) 
 People who stayed at the Westin Bonaventure Hotel & Suites in Los Angeles last year and used their credit or debit card to eat there should keep a close eye on their bank statements. Hotel officials disclosed Friday that the hotel's four restaurants, along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers' debit and credit cards. The Westin Bonaventure is in L.A.'s dow... read more» 
   
 





 Think software patching is a hassle? You're not alone 
 (from The Register at 6-3-2010) 
 Underscoring a barrier to remaining secure online, the average Windows PC user has to install a software update every five days from 22 different providers, according to vulnerability tracking service Secunia. The figure is based on the results of more than 2 million users of Secunia's PSI, or Personal Software Inspector, a free application that helps consumers keep track of out-of-date software on their machines.... read more» 
   
 





 Four Undersea Cables Damaged as a Result of Thursday's Earthquake in Taiwan 
 (from TMC Net at 6-3-2010) 
 At least four undersea fiber-optic telecommunications cables were damaged as a result of the 6.4-magnitude earthquake and aftershocks that rocked Taiwan on Thursday. According to published reports, Chunghwa Telecom had to send workers to repair four cables in order to prevent service disruptions around Asia following the initial quake and subsequent aftershocks. Internet and communications traffic was rerouted to other cables that were not damaged and only brief service disruptions were repor... read more» 
   
 





 Mystery of alleged MI6 traitor's data theft 
 (from The Register at 6-3-2010) 
 Next week, a 25-year-old man will appear at the drab Magistrates' court in Westminster's Horseferry Road to answer allegations he tried to sell Top Secret MI6 files to a foreign intelligence agency for £900,000. Daniel Houghton, who has joint British and Dutch citizenship, is accused of walking out of a meeting at a central London hotel on Monday this week with a briefcase stuffed with cash. He allegedly believed he had just sold memory sticks and a laptop hard drive containing details of Bri... read more» 
   
 





 Scareware sellers fool Google with file switch 
 (from The Register at 6-3-2010) 
 Cybercrooks have developed a new technique for manipulating search engine results in order to promote the crud they sell, such as scareware packages. Hackers first place benign pdf files on web pages they are seeking to promote, before replacing these documents with booby-trapped Flash files once a new site has been indexed.... read more» 
   
 





 Tweet this: Social network security is risky business 
 (from Computer World at 6-3-2010) 
 Businesses are still trying to figure out what to make of social networking. The knee-jerk impulse at some companies is to ban its use because it's insecure and seen as unproductive, while at others it's viewed as, in fact, the way a lot of people now get work done. The debate gets into familiar territory -- balancing business benefits versus risks -- and some that's not so familiar: Is a new generation in the workforce wired differently because of Facebook and Twitter? Hayes' panel addressed... read more» 
   
 





 UT Southwestern employee accused of selling patient information 
 (from Wfaa at 6-3-2010) 
 Authorities arrested an employee at UT Southwestern Medical Center after she allegedly stole patent information and possibly their identities. Hundreds of patients' personal information - including birth dates, addresses, phone numbers and financial data - was stolen before Tracy Renay Thomas' arrest and termination, police said. Thomas is accused of stealing that information and then selling it to a third party. "No," Thomas said when asked if those allegations are true. "I need to ca... read more» 
   
 





 Risk Based Enterprise Compliance Programs 
 (from information-security-resources at 6-3-2010) 
 A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. The findings revealed the following: 53% of companies do not disseminate their internal codes of conduct to third parties; only 26% require third parties to cert... read more» 
   
 





 More online trust? Collect less data 
 (from hostexploit at 6-3-2010) 
 Businesses are asking for too much personal information from their customers in efforts to create an online "trusted environment" for interaction, and more importantly, e-commerce. The practice gives rise to more opportunities for cybercriminals to get their hands on users' information through Trojans, spam mail and other malware, noted Stefan Brands, principal architect of Microsoft's identity and access group, in an interview with ZDNet Asia Wednesday. He was speaking on the sidelines of th... read more» 
   
 





 Creating a new trust framework 
 (from Net-Security at 6-3-2010) 
 Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton announced the formation of the Open Identity Exchange (OIX), a non-profit organization dedicated to building trust in the exchange of online identity credentials across public and private sectors. With initial grants from the OpenID (OIDF) and Information Card Foundation (ICF), OIX has been approved as a trust framework provider by the United States Government to certify online identity management providers to U.S. feder... read more» 
   
 





 Video: RSA Conference 2010 showcase 
 (from Net-Security at 6-3-2010) 
 In this RSA Conference 2010 video showcase, you can check out the look and feel of the event and the expo floor.... read more» 
   
 





 Study lauds IE for blocking Web's social attacks 
 (from CNet at 6-3-2010) 
 An updated study has found that when it comes to blocking Web sites used in efforts to trick people into installing malware, Internet Explorer has widened its lead over the four other most-used browsers. NSS Labs, a product analysis company, issued a third installment of an ongoing study of how well browsers avert socially engineered attacks that try to exploit a person's trust with a Web address that actually installs and runs malware. The upshot: "Windows Internet Explorer 8 provided the be... read more» 
   
 





 Public employees union slams Alaska data loss deal 
 (from Businessweek at 6-3-2010) 
 A union representing 8,000 Alaska government workers is calling on the state to renegotiate terms of an identity theft settlement with the firm responsible for losing personal data of 77,000 current and former public employees. In a letter to the administration sent Thursday, the Alaska State Employees Association criticized the state's settlement with PricewaterhouseCoopers LLP for being too passive and too limited. Specifically, it wants the affected people to be automatically enrolled i... read more» 
   
 





 New Hacking Trend: Cybercrime Goes Virtual. Hackers are employing phishing attacks to snare access data for user accounts for online role-playing game 
 (from freehacking at 6-3-2010) 
 Cybercrime is going virtual. Hackers are employing phishing attacks to snare access data for user accounts for online role-playing games. They then use the plundered passwords to transfer away virtual swords and other gear. Because the objects often demand a great deal of time to earn, once stolen they can then be resold for a significant profit. Computer gamers are increasingly finding that there's a serious side to their virtual fun: their hard-earned virtual objects are being stolen from t... read more» 
   
 





 IT security expert calls for new public sector position 
 (from BCS at 6-3-2010) 
 The issue of computer security is particularly important for public sector organisations, and an expert is calling for the establishment of a new position dealing with data management. Technical director of CESG Chris Ensor, who is based at GCHQ in Cheltenham, told the Local Government Chronicle that he would like to see the creation of an information assurance role. 'While there is lots of good work going on in different parts of the public sector, bringing a holistic approach to informat... read more» 
   
 





 Plans to fight cyberwar are a 'recipe for disaster' 
 (from Guardian at 6-3-2010) 
 Senior security experts have criticised the west's approach to online threats, suggesting that not enough is being done to stem the growing tide of cyberattacks. Michael Chertoff, a former secretary at the US Department of Homeland Security, said on Wednesday that current cybersecurity policies were a "recipe for disaster" that could inadvertently encourage a virtual attack equivalent to "the next Pearl Harbour". Meanwhile former White House counter-terrorism adviser Richard Clarke said th... read more» 
   
 





 Information Security for SMEs 
 (from infocles at 5-3-2010) 
 If you run a small or medium sized enterprise, then you’re probably up to your eyes in government red-tape, and legal and regulatory obligations, and that’s before you start to actually run and operate your business in order to make a living. A key component in the smooth running of your business is information. That information may take on many forms – customer or supplier details, financial data or secret recipes for the perfect carrot cake – whatever it is, it is vital to your organisation... read more» 
   
 





 NATO Chief Calls Attention to Cyber Threats 
 (from abcnews at 5-3-2010) 
 NATO is facing new threats in cyberspace that cannot be met by lining up soldiers and tanks, the alliance's secretary-general said Thursday in an apparent reference to terror groups and criminal networks. Anders Fogh Rasmussen said there were several international actors who want "to know what's going on inside NATO, and they also use cyberspace to achieve their goals." He refused to give details or name groups except to say there were "many of them." "It's really a broad range of threa... read more» 
   
 





 Internet Solutions Corp. v. Tabitha Marshall SC09-272 
 (from wfsu at 5-3-2010) 
 Internet Solutions sued Ms. Marshall in federal court in Florida, alleging defamation for comments she posted about the company on her Web site. Internet Solutions is a Nevada corporation that does business in Florida; Ms. Marshall lives in the state of Washington. Ms. Marshall argued the suit should be dismissed because there was not enough to connect her to Florida. The 11th U.S. Circuit Court of Appeals is asking this Court whether the Florida statute that deals with lawsuits against non-resi... read more» 
   
 





 RSA 2010: FBI asks businesses to help fight e-crime 
 (from v3 at 5-3-2010) 
 The director of the FBI used his keynote address at the RSA 2010 conference to appeal for greater co-operation between law enforcement and the private sector to tackle online crime. Robert Mueller told delegates that the need for co-operation had never been stronger, as online fraud rises to huge levels and the next generation of terrorists move online in unprecedented numbers.... read more» 
   
 





 More Headaches for ICANN Meeting in Nariobi, Kenya 
 (from domainnamewire at 5-3-2010) 
 As if security threats and big name companies backing out of next week’s ICANN meeting in Nairobi weren’t enough, attendees to the meeting are about to face another big headache. Nick Tomasso, General Manager, Meetings and Conferences for ICANN has just posted an update that the InterGovernmental Authority on Development (IGAD) will be holding a meeting at the same venue as the ICANN meeting next week. Tomasso writes that this could “severely impact our community as it attends the meeting ... read more» 
   
 





 Community to Face Possible Headaches at KICC 
 (from ICANN at 5-3-2010) 
 Late Wednesday, my meetings team here in Nairobi was hit with some unexpected and troubling news by the Kenyatta International Conference Centre (KICC), the venue for the ICANN meeting. Unfortunately, it is news that could severely impact our community as it attends the meeting here on Monday and Tuesday. Officials at the KICC informed us for the first time Wednesday, that the InterGovernmental Authority on Development (IGAD) will be conducting a major meeting in the KICC on Monday and Tuesda... read more» 
   
 





 Workshop Call for Papers W2SP 2010: Web 2.0 Security and Privacy 2010 - Thursday, May 20 The Claremont Resort, Oakland, California 
 (from Larry Koved at 5-3-2010) 
 The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. An ongoing explosion of new technology is powering increasingly complex social and business interactions as well as enabling an unprecedented level of unmediated information exchange and h... read more» 
   
 





 DHS Crowdsources Ideas for Cybersecurity Campaign 
 (from PCWorld at 5-3-2010) 
 The U.S. Department of Homeland Security is looking to Internet users for new ways of getting its cybersecurity message out, and before you ask, the agency says that the method chosen "may under no circumstance create spam." To crowdsource its public education needs, DHS is holding a competition, called the National Cybersecurity Awareness Campaign Challenge, which ends April 30. The agency wants submissions, in Word format, of proposals for how it can "clearly and comprehensively discuss cyb... read more» 
   
 





 Inside the Cybercrime Black Market 
 (from PCmag at 5-3-2010) 
 There's a market like no other in the RSA Conference's Exposition Hall: a real-world cybercriminal black market. It's not real, of course, but by creating a visible and tangible replica of the identity theft and cybercrime underground market, Symantec hopes to educate and show the public just how bad the problem is. Symantec devised this demonstration as a one-time exhibit, but found it too popular to put away. They transport it to trade shows and the like, spreading the word about cybercrime... read more» 
   
 





 Experts laud IPS virtual patching, but warn against misuse 
 (from TechTarget at 5-3-2010) 
 Security pros at RSA Conference 2010 say that virtual patching can be an effective short-term fix for network vulnerabilities, but it shouldn't replace the implementation of proper fixes for systems and applications. During a panel discussion on evolving network security, Peter J. Kunz, manager of infrastructure security for automaker Daimler, lauded the concept of using intrusion prevention systems (IPS) and vulnerability management products to virtually patch vulnerabilities in applications... read more» 
   
 





 Call for Papers: The Second Workshop on E-Learning Security (ELS-2010) 
 (from i-Society 2010 at 5-3-2010) 
 The International Conference on Information Society (i-Society 2010), Technical Co-Sponsored by IEEE UK/RI Computer Chapter June 28-30, 2010, London, UK (www.i-society.eu) Objectives The aim of the ELS-2010 Workshop is to bring together researchers and practitioners interested in E-Learning Security and to discuss the latest advanced technologies in this area. This workshop is expected to stimulate discussions about the future development of appropriate models, methods, and tools for bui... read more» 
   
 





 New zealand ITSec Chapter Final call, NZISF seminar, 10 March 
 (from Janczewski, Lech at 5-3-2010) 
 New Zealand Information Security Forum (NZISF) cordially invites you and your friends to the March 2010 breakfast meeting: Venue: The Auckland Club, 34 Shortland St, CBD, Auckland Date: Wednesday, 10 March 2010 Time: 7:30 am Cost: NZISF, NZSA and NZCS members - $35, students - $20, all others - $ 40, Cash or cheque, no credit cards. Topic: ... read more» 
   
 





 RSA: DHS Chief Launches Cybersecurity Competition 
 (from informationweek at 5-3-2010) 
 Speaking at the RSA Conference in San Francisco on Wednesday, Secretary of the Department of Homeland Security (DHS) Janet Napolitano announced the National Cybersecurity Awareness Campaign Challenge Competition, a contest to solicit ideas from individuals and industry about how to best engage the American public in a discussion about cybersecurity. "A secure cyber environment is as much about people and habits and culture as it is about machines," said Napolitano. "...We need to have an ongo... read more» 
   
 





 Perforce Software Responds to McAfee White Paper on Operation Aurora 
 (from Yahoo at 5-3-2010) 
 Perforce Software as well as other companies, whose applications house critical data, was the subject of a White Paper issued by McAfee on March 3, 2010. As the White Paper states, Perforce “has long been a staple of source code control systems and has thousands of customers. Its products are used by the largest Fortune 1,000 companies.” It stands to reason that when hackers are looking for a company’s intellectual property (IP), they would look to Perforce where the content is versioned and ... read more» 
   
 





 Cryptography experts bicker with former NSA director at RSA panel 
 (from Cgisecurity at 5-3-2010) 
 I recently attended RSA and had a chance to see the cryptography panel. Towards the end of the panel an amusing amount of bickering began between the former NSA technical director (Brian snow) and folks such as Whit Diffie (inventor of diffie hellman key exchange), and Adi Shamir (co founder of RSA algorithm) about what the NSA knows versus the private sector.... read more» 
   
 





 Source code management a weak spot in Aurora attacks 
 (from Computer World at 5-3-2010) 
 Companies should take extra steps to secure their source code from the type of targeted attacks that hit Google, Adobe, Intel and others over the past few months. That's according to security vendor McAfee, which released a report detailing the way software source code was accessed in some of these attacks. "We saw targeted attacks against software configuration management products," said George Kurtz, McAfee's chief technology officer. In many of the attacks company engineers and technica... read more» 
   
 





 Few Details Emerge in White House Cybersecurity Plan 
 (from enterprise-security-today at 5-3-2010) 
 The Obama administration on Tuesday gave the public a peek at the Bush administration's classified plan to secure the nation's computer systems, but the newly revealed list of broad goals provided few surprises and key provisions remain secret. The decision to publish a summary of the cyber initiative on the White House blog came just a month after the Washington-based Electronic Privacy Information Center filed a lawsuit in federal court seeking release of the computer security document.... read more» 
   
 





 US cybercrime head wary to fault countries 
 (from Financial Times at 5-3-2010) 
 Countries accused of harbouring criminal computer hackers are victims themselves, the new US cybersecurity policy chief said on Thursday, suggesting that the US would not take a more confrontational tack against China and Russia. “There’s a perspective that the government is somehow protecting bad guys in one place or another. I don’t know that’s the case,” Howard Schmidt, who took up his post as White House cybersecurity co-ordinator in January, told the Financial Times.... read more» 
   
 





 Why the White House Won't Release a Key Cyber Paper 
 (from theatlantic at 5-3-2010) 
 Even as the new government-wide cyber coordinator, Howard Schmidt, pledged to promote transparency as the government moves to protect cyberspace, the administration won't release a legal memorandum that many, including the one-time head of its cyber security review, hoped would be made public. The memo was drafted as an appendix to the White House Cyberspace Policy Review led by Melissa Hathaway, at the time the acting senior director for cyber issues at the National Security Council.... read more» 
   
 





 Phishing Alert - Tool Automates Targeted Attacks On Social Network Users - Spear phishing on email is dangerous, but it's even more dangerous on social networks 
 (from DarkReading at 5-3-2010) 
 A researcher here today released a free tool that impersonates a Twitter user's account in order to execute automated targeted attacks on the person's followers. Pedro Varangot, a security researcher with Core Security Labs, says the group wrote the tool as a way to demonstrate and test for how social networks can be used for spear phishing. The initial version executes attacks on Twitter, but Varangot says it can be extended to work against Facebook and other social networks. The tool is bas... read more» 
   
 





 New hacker scheme is infecting educational servers worldwide with Viagra ads 
 (from SecurityPark at 5-3-2010) 
 Imperva's latest report warns that hackers have become industrialized and represent an exponentially increased threat to individuals, organizations and Government. Imperva’s report says the emerging industrialization of hacking parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production. The result is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability. As... read more» 
   
 





 McAfee: System Security Is Weak Despite Locked Doors 
 (from enterprise-security-today at 5-3-2010) 
 Evidence from the recent Aurora hack attacks on major American corporations suggest that many may have tightly locked virtual front doors, but no cybersecurity inside their systems, a McAfee expert warned on Wednesday. In a Security Insights blog post, Paul Kurtz, McAfee's chief technology officer, discussed his study of the December-through-February attacks on Google, Intel Relevant Products/Services, Adobe Systems, and other large firms. He concluded that "Many organizations have tight secu... read more» 
   
 





 RSA: Homeland security secretary outlines latest online efforts 
 (from ZDNet at 5-3-2010) 
 At the RSA Conference in San Francisco, U.S. Secretary of Homeland Security Janet Napolitano discusses three efforts underway to ensure the security of the nation’s cyberinfrastructure. This includes the development of National Cybersecurity Incident Response Plan, which will facilitate a coordinated response to cyberthreats from the federal government, local city and state governments, as well as the private sector. For more details : http://blogs.zdnet.com/BTL/?p=31593... read more» 
   
 





 Chinese Attacks Like the One Against Google Are on Pace to Double This Year 
 (from CIO at 5-3-2010) 
 Recent Internet attacks from China against Google (GOOG) and other U.S. companies will more than double this year if the pace during the first two months continues, a security expert says. This type of attack has been increasing over the past two years, with F-Secure spotting 1,968 such examples in 2008, 2,195 in 2009 and 895 so far this year, said Mikko Hypponen, chief research officer for F-Secure, who during RSA Conference held a private briefing on the attacks.... read more» 
   
 





 Hacker defaces Iowa Homeland Security web site; forces shutdown 
 (from DesMoinesRegister at 5-3-2010) 
 The Iowa Division of Homeland Security and Emergency Management shut down its web site Wednesday night after a hacker gained access and defaced it, state officials said Thursday. This was the second serious hacking incident within the past five weeks in state government. On Jan 26, a licensing database of the Iowa Racing and Gaming Commission was breached by a hacker, possibly from China, compromising personal data for 80,000 people.... read more» 
   
 





 Government: Cybersecurity IT Skills Scarce 
 (from informationweek at 5-3-2010) 
 More than half of government cybersecurity managers say it's "very challenging" to find candidates with the right skills and the right amount of experience for new jobs, according to a new survey by the International Information Systems Security Certification Consortium ((ISC)2).... read more» 
   
 





 Internet is examination for human race - Patriarch Kirill 
 (from Rian at 5-3-2010) 
 The head of the Russian Orthodox Church Patriarch Kirill of Moscow and All Russia sees the Internet as an examination for the human race as not only has the web become a laboratory forming an individual but also constitutes a threat of destruction. "Nowadays the Internet is a kind of laboratory where a individual should be formed and where a character should be sharpened," Patriarch Kirill said during his meeting with Moscow students.... read more» 
   
 





 Town website publisher's pxxx business 
 (from thisishullandeastriding at 5-3-2010) 
 A BUSINESSMAN promoted by East Riding civic leaders has designed thousands of hardcore pornography websites, the Mail can reveal. Online publisher Paul Smith has advised Beverley and Holderness MP Graham Stuart over technical aspects of his website. Until this week, he was also a member of a new partnership called the Beverley Economy And Tourism Group, aimed at boosting the town's economy and tourism appeal. In a recent East Riding Council press release, the group's chairman, Mayor of Beverl... read more» 
   
 





 Malaysian hacker to be extradited 
 (from Bangkok Post at 5-3-2010) 
 The Criminal Court on Thursday decided to extradite a Malaysian suspected computer hacker to the United States for further legal action. Gooi Kokseng, alias Delpiero, 44, is wanted by the US for being a member of a gang of credit cards data hackers which had committed computer crime in the US and Southeast Asia causing more than US$150 million or about 5,000 million baht. The man was arrested in Thailand on Jan 13 last year after the US made a request through the Foreign Ministry. Gooi ... read more» 
   
 





 Has Ubisoft's 'Always Online' DRM Scheme Been Foiled? 
 (from PCWorld at 5-3-2010) 
 A cracked copy of the new World War II submarine simulation Silent Hunter 5 may have made its way onto file sharing sites, and some are claiming Ubisoft's 'always online' play requirement has been circumvented. The European games publisher's response? Don't kid yourself. Posted to a complaint thread on the game's official message boards by an Ubisoft forum manager, Ubisoft's official statement on the matter reads as follows: "You have probably seen rumors on the web that Assassin's Cree... read more» 
   
 





 Cybersecurity: Just Get Tough 
 (from Forbes at 5-3-2010) 
 Talking security with those who know--or even worse, knew very recently and can now talk--is an alarming business. Wednesday I was onstage and talking backstage at the RSA security conference with both former U.S. Homeland Security Michael Chertoff and former National Security Council official Richard Clarke, along with Electronic Privacy Information Center Executive Director Marc Rotenberg. Judging from our conversation, the U.S. is in a frightening place and needs to move fast.... read more» 
   
 





 Official claims sex diary on Net is invasion of privacy 
 (from Global Times at 5-3-2010) 
 The former senior tobacco official whose purported sex diary was posted on the Internet has asked local police to arrest whoever was responsible for the leak and charge the hackers with invasion of privacy. Han Feng, a former official in the Guangxi Zhuang Autonomous Region, claimed that someone with malicious motives hacked into his computer diary and changed the content to embarrass him.... read more» 
   
 





 Former NSA tech chief: I don't trust the cloud 
 (from ITWorldCanada at 5-3-2010) 
 The former National Security Agency technical director told the RSA Conference he doesn't trust cloud services and bluntly admonished vendors for leaving software vulnerabilities unpatched sometimes for years. Speaking for himself and not the agency, Brian Snow says that cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. "You don't know what else is cuddling up n... read more» 
   
 





 Is The Commerce Department Really Ready To Regulate The Internet? 
 (from Techdirt at 5-3-2010) 
 Larry Strickling, the head of the National Telecommunications and Information Agency (a division of the Department of Commerce), gave a speech last week where he outlined, in broad strokes, a vision for "Internet Policy 3.0", which suggested a much more hands-on approach to regulating the internet. This got some attention online, with some claiming that the US was "rescinding" its "leave internet alone policy." That may be a stretch from what was actually said, but a lot of people are wonder... read more» 
   
 





 Symantec exhibit makes cybercrime tangible 
 (from CNet at 5-3-2010) 
 For many people, the concepts of botnets, software exploits, and underground marketplaces are fairly abstract. To solve that problem, Symantec has created a Black Market exhibit that attempts to make these virtual ideas more tangible. The security company gave tours of its Black Market at the RSA security conference here this week. "We really wanted to create a sensory experience so that everyone would realize that cybercrime is happening to us all the time. We tried to portray the view th... read more» 
   
 





 DHS Chief: Security Requires Faster Response 
 (from InternetNews at 5-3-2010) 
 Department of Homeland Security Secretary Janet Napolitano told security experts and media that while many great ideas have been suggested, less talk and more action is needed to safeguard government and corporate networks. "We need to do more and do it faster," she said. While there is perhaps no ultimate technology solution to protect the country's digital infrastructure, Napolitano said her department wants to provide the ability to "bounce back" from an attack of any size, which would req... read more» 
   
 





 The growing threat of smart phones 
 (from digitalbond at 5-3-2010) 
 A new video out of Rutgers University demonstrates remote control of a rootkit infected open source Linux based smart phone that allows the attackers to use the phone as a listening device without the user being aware that the phone is communicating. While not a new concept (using a cell phone as a bug) the proliferation of smart phones enabled with Wi-Fi, blue tooth and other communication technologies coupled with built in services such as SSH, telnet and others creates a whole new range of t... read more» 
   
 





 Dr. Drew's Cyber-Spies Busted Alleged Stalker 
 (from TMZ at 5-3-2010) 
 Dr. Drew Pinsky hired a team of cyber-security experts to monitor his alleged stalker -- and they're the ones who blew the whistle on the guy's whereabouts yesterday ... sources tell TMZ. As we first reported, Charles Pearson posted a message on his website yesterday which described his exact whereabouts -- a computer station at the Pierce College library in Woodland Hills, CA.... read more» 
   
 





 ICO makes financial case for data protection 
 (from v3 at 5-3-2010) 
 The Information Commissioner's Office (ICO) has published a new report designed to encourage organisations to prioritise data protection best practice. Launched at a Data Protection Officer conference in Manchester yesterday, the Privacy Dividend report (PDF) explains how to put a value on personal information and assess the benefits of protecting privacy.The document includes practical tools designed to help organisations prepare a business case for investing in privacy and data protection, ... read more» 
   
 





 RSA 2010: DHS boss announces cyber security contest 
 (from v3 at 5-3-2010) 
 The Secretary of the US Department for Homeland Security (DHS) has announced a new initiative to educate the public and private sectors about the need for cyber security. Janet Napolitano used her keynote address to the RSA 2010 conference in San Francisco to announce the National Cybersecurity Awareness Campaign Challenge Competition.The contest is designed to find the best way to inspire companies and the public to protect themselves online.... read more» 
   
 





 FBI Embeds Cyber-investigators in Ukraine, Estonia 
 (from PCWorld at 5-3-2010) 
 Hoping to catch cybercrooks, the U.S. Federal Bureau of Investigation has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands. Over the past few months, the agents have begun working hand in hand with local police to help crack tough international cybercrime investigations, said Jeffrey Troy, chief of the FBI's Cyber Division, in an interview at the RSA Conference in San Francisco. Because virtually all cybercrime crosses international borders, thi... read more» 
   
 





 Medical identity fraudsters target health care info, experts say 
 (from TechTarget at 5-3-2010) 
 Online criminals know that medical records are a goldmine, and they are using the data to steal drugs or peek into others' medical history, health care security experts said. We are seeing fraudsters stealing identities, going to a pharmacy and stealing drugs," Simon Chan, senior IT security architect at pharmacy benefits management provider Express Scripts, said during a panel discussion at the RSA Conference 2010. Criminals also are seeing doctors with stolen identities, he said.... read more» 
   
 





 Hacking human gullibility with social penetration 
 (from The Register at 5-3-2010) 
 Security penetration testers Mike Bailey and Mike Murray rely plenty on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase "There's a sucker born every minute". That's because so-called social penetration techniques are more reliable and easier to use in identifying chinks in client fortresses, the principals of Mad Security said Wednesday. That's true even for organizations that place a high premium on security and train their... read more» 
   
 





 McAfee warns corporations of source code weakness 
 (from ZDNet at 5-3-2010) 
 The type of software used by corporations to house source code, targeted by criminals in the recent attacks on Google and others, is generally weak in security protection, McAfee researchers said on Wednesday. McAfee analysed a commonly used software for housing intellectual property called Perforce and released its findings during a session at the RSA security conference in San Francisco.... read more» 
   
 





 RSA 2010: Researchers dissect ZeuS botnet blueprint 
 (from v3 at 5-3-2010) 
 A little knowledge and a couple thousand dollars is all it takes to build a fully-functional botnet, say researchers. On Thursday morning Cisco researchers Patrick Peterson and Henry Stern told delegates at the 2010 RSA conference in San Francisco that a botnet running the infamous ZeuS malware can be built for roughly $2500.... read more» 
   
 





 White House Cyber Czar: ‘There Is No Cyberwar’ 
 (from Wired at 5-3-2010) 
 Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. “There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. “I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.” Instead, Schmidt said the gover... read more» 
   
 





 Child pxxx, ID theft drive record cyber crime in Japan 
 (from Yahoo at 5-3-2010) 
 Internet crime in Japan jumped to a new record last year, led by ID theft and database attacks, child pornography posts and copyright violations, the national police agency said Thursday. Police made arrests or took other action in 6,690 cases in 2009, up 5.8 percent from the previous year and the highest figure since data was first collated in 2000. The number has more than doubled in four years.... read more» 
   
 





 eBay scammer gets four years 
 (from The Register at 5-3-2010) 
 The leader of a UK-based gang who made millions selling counterfeit luxury golf kit and other knock-off goods through auction site eBay has been jailed for four years. Gary Bellchambers and six others ran what is reckoned to be the biggest ever such scam between June 2003 and March 2008. Their fraud was eventually rumbled by a trading standards team at Havering Council, who were put on the trail of the fraudsters by pensioner Christine Manz.... read more» 
   
 





 NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel 
 (from SearchSecurity at 5-3-2010) 
 The annual Cryptographers' Panel at the RSA Conference 2010 is part state of the union on cryptography and security, and part homage to the pioneers of encryption. It can be a dizzying discussion on hash functions and broken encryption algorithms; a nirvana for nerds. But this year, however, the Shamirs, Rivests and Diffies and Hellmans of the cryptoworld were joined on stage by the National Security Agency, making for a bit of good natured contention as well.... read more» 
   
 





 US building top cyber defense team: Napolitano 
 (from Yahoo at 5-3-2010) 
 The United States is building an elite cyber defense team to guard the nation's public and private computer systems, Homeland Security Secretary Janet Napolitano said Wednesday. "We need the best brains we can bring to bear on meeting the challenge," Napolitano told computer security specialists at a premier RSA Conference here. "We are building one of the best teams anywhere, but our success depends in no small part on our ability to collaborate with the private sector."... read more» 
   
 





 Cyber-terrorism a real and growing threat: FBI 
 (from Yahoo at 5-3-2010) 
 Terrorists, crooks and nation states are ramping up cyberassaults that are eating away at data, cash and security in the United States, the head of the FBI said. "The risks are right at our doorsteps and in some cases they are in the house," Federal Bureau of Investigation chief Robert Mueller said in a speech at an RSA Conference of computer security professionals on Thursday."Working together we can find the people taking shots at us and stop those attacks."... read more» 
   
 





 Microsoft's Ballmer: 'For the cloud, we're all in' 
 (from Computer World at 5-3-2010) 
 Microsoft is betting the cloud will deliver it and its customers the most opportunities for innovation and development. And according to CEO Steve Ballmer, five key reasons are driving the company's confidence in - and technology strategy for - cloud computing in the coming years. "For the cloud, we're all in," said Ballmer during an address and live Webcast at the University of Washington's Paul G. Allen Center for Computer Science & Engineering in Seattle. "Literally, I will tell you we are... read more» 
   
 





 US urges 'action' needed to fight net attacks 
 (from BBC at 5-3-2010) 
 Homeland Security secretary Janet Napolitano has admitted there is an urgent need to step up efforts to protect Americans from cyber attacks. Her comments at the world's largest security conference hosted by vendor RSA, comes as the cyber threat grows ever more sophisticated. Incidents like the attack on Google in China have underscored the issue. "We need to do more and we need to do it faster," Secretary Napolitano told the audience in San Francisco. She said the government was working with... read more» 
   
 





 Accused Spanish Hackers Used a Kit To Take Over PCs 
 (from hostexploit at 5-3-2010) 
 Spanish authorities say they have nabbed the hackers behind the Mariposa botnet. The botnet, which was developed for large-scale theft of information, took control of more than 13 million computers in 190 nations. Three Spanish citizens identified by initials, F.C.R., 31, of Balmaseda; J.P.R., 30, of Molina de Segura; and J.B.R., 25, of Santiago de Compostela, were arrested for their role in creating the network , according to the Guardia Civil. The botnet stole personal and sensitive informa... read more» 
   
 





 National Title-Check System Closes Some Scammer Loopholes 
 (from hostexploit at 5-3-2010) 
 Would you believe that up until now there hasn't been a true database for vehicle titles, supervised by the federal government? It's finally here; by January 1 of this year, all states were required to be fully participating in the Anti-Car Theft Act and associated regulations. The fruits of the effort are on offer at www.vehiclehistory.gov, in a site that's intended as a base for car shoppers, car dealers, insurers, and law enforcement officials. Instead of making do with a patchwork of d... read more» 
   
 





 Mastermind of World's Worst Computer Virus Still at Large 
 (from FOXNews at 4-3-2010) 
 Spanish authorities who dismantled a network of up to 12.7 million virus-infected, data-stealing computers said Wednesday the mastermind of the scam remains a mystery, even though three alleged ringleaders have been arrested. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, police said. The tainted computers stole credit card numbers and online banking credentials. Spanish investigators, working with private ... read more» 
   
 





 Microsoft Security Bulletin Advance Notification for March 2010 
 (from Microsoft at 4-3-2010) 
 Executive Summaries This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. Affected Software : Windows XP Windows Vista Windows 7 Microsoft Office XP Microsoft Office 2003 2007 Microsoft Office System Microsoft... read more» 
   
 





 'Celestial alignment' for ideal cybercrime world 
 (from zdnetasia at 4-3-2010) 
 The availability of high-grade Trojans, simple but easily executed distribution techniques and the bad global economy are three elements that are in "celestial alignment" today to create a cybercrime haven. This perspective was put forth by Uri Rivner, head of new technologies at RSA, the security division of EMC. Speaking Wednesday in a presentation at the RSA Conference, he noted that security practitioners need to view the fraud environment as an "ecosystem" where cybercriminals are compet... read more» 
   
 





 RSA: IT security pros get raises despite recession 
 (from ComputerWorld at 4-3-2010) 
 (ISC)2 used the RSA Conference 2010 as the backdrop to release survey results that will probably raise eyebrows among those who have lost jobs and struggled to find new ones in the aftermath of the Great Recession. According to its 2010 Career Impact Survey, more than half of the 2,980 information security professionals polled between December and January received salary increases in 2009, while less than five percent of participants lost their jobs -- a smaller number than one might expect g... read more» 
   
 





 Security B-Sides: Perfect Authentication Remains Elusive 
 (from CSOonline at 4-3-2010) 
 For years, leaders of the security industry have warned that passwords have outlived their usefulness. Users pick easy-to-crack passwords like the name of a dog or a favorite movie. They're written on post-it notes and left sticking to the monitor for all to see. Multi-factor authentication -- using more than one form of authentication to verify the legitimacy of a transaction via smart cards, tokens or biometrics, for example -- is often held up as the alternative; an end to insanity. The... read more» 
   
 





 Tech Companies Partner in Web Identity Access Effort 
 (from EWeek at 4-3-2010) 
 Google, PayPal, Equifax and others announced today at the RSA Conference in San Francisco that they are working together to build trust in online identity management through an alliance known as the Online Identity Exchange (OIX). Several major corporations, including tech industry heavyweights Google, VeriSign and CAannounced today at the RSAConference 2010 they will join forces to form the Open Identity Exchange.... read more» 
   
 





 Nigerian 419 scam messages are not from Africa, experts say 
 (from TechTarget at 4-3-2010) 
 Linguistic clues helped two researchers trace the 419 messages and determine that many of them are potentially sent by cybercriminals in Eastern Europe or Asia. Harriet Ottenheimer, a professor of anthropology and American ethnic studies at Kansas State University, teamed up with her son, Davi Ottenheimer, president of security consultancy FlyingPenguin, to conduct the research. They say the results could be used in the future by enterprises to scan and warn recipients that the messages are a ho... read more» 
   
 





 Customer gets say during responsible vulnerability disclosure panel 
 (from TechTarget at 4-3-2010) 
 Stanley represents the often overlooked voice in vulnerability disclosure debates -- the customer. Too often these debates are viewed only from the researcher or vendor perspective, but a panel discussion at RSA Conference 2010 today brought in Stanley, a big Microsoft and Adobe customer, and put him on the same dais. Stanley wasted little time making his displeasure known; he was quick to toss cold water on some opening remarks from Metasploit creator HD Moore on the exposure timeframe fro... read more» 
   
 





 How much is fraud costing you, it could be more than you think! 
 (from abcnetworking at 4-3-2010) 
 Fraud is estimated to cost the UK economy between £13bn and £20bn every year! This equates to a cost of £330 for every person in the country, every man, woman and child which is paid for through higher charges for goods and services and through higher taxes. The cost of every act of fraud is passed onto the end consumer to pay for it. On average 6% of an organisation’s annual revenue is lost to fraud and 58% of these fraudulent activities are committed due to inadequate controls within the b... read more» 
   
 





 Illegal Net access jumps to record high in 2009+ 
 (from Breitbart at 4-3-2010) 
 Police uncovered and took action in a record number of cases of unauthorized access to Internet sites in 2009, a National Police Agency survey showed Thursday. The number of cases in which illegal Net access was recognized by police surged 22.1 percent from the previous year to 2,795 in 2009, the highest since the agency began compiling data in 2000.... read more» 
   
 





 Cyber crime fight 'begins outside the home' 
 (from ABC at 4-3-2010) 
 A leading internet security specialist is calling on governments to make it illegal for computer manufacturers to sell products that are vulnerable to attacks from cyber criminals. His call coincides with the arrest in Spain of three of the alleged ringleaders running one of the world's biggest networks of zombie computers.... read more» 
   
 





 Software Security – The State of Things 
 (from digitalbond at 4-3-2010) 
 For those of us that are looking at security every day, there are few surprises here. What we have to do if find ways to educate people that there is a problem. That’s where reports like this can be useful. Here are Veracode’s key observations: 1.) Most software is indeed very insecure. 2.) Third-party software is a significant percentage of the enterprise software infrastructure, and third-party components are a significant percentage of most applications.... read more» 
   
 





 Cyber-criminals target young people, say IT experts 
 (from hostexploit at 4-3-2010) 
 Cyber-threats are real and require a global effort to keep young people safe, participants in a two-day Tunis conference on cyber-safety said last week. Increasing internet awareness will protect youth and make legal frameworks in the internet sector more efficient, said Tunisian Minister of Communication Technologies Mohamed Naceur Ammar.... read more» 
   
 





 Webcast - Virtualisation and Security 
 (from The Register at 4-3-2010) 
 Date & Time : 10th March 2010. 3:30pm IST Virtualisation is now a viable offering that is being used to support a growing number of services on server and desktop systems. So with more and more systems being deployed using a variety of virtualisation platforms, the next questions to consider are "does this change our approach to security?", and "do we need to alter our stance on High Availability / Disaster Recovery?" These are the questions we'll be looking to answer during this live o... read more» 
   
 





 Cyber Tasks Intelligence Community 
 (from hostexploit at 4-3-2010) 
 The U.S. intelligence community may be a beneficiary of increased government funding for cyberspace, but it is facing considerable acquisition challenges before it commits to spending money in that pipeline. These issues range across the entire technology acquisition realm of the intelligence community. However, cyber technology in particular places a different emphasis on acquiring and moving new systems to the customer.... read more» 
   
 





 What the cyberecurity bill is really about 
 (from onlinejournal at 4-3-2010) 
 Remember the Copenhagen “Climate Conference” when the global warming scam and propaganda machine was outed by a hacker and the Internet? You know, the one where a new Guinness record was set for the number of Lear jets and limos parked in one spot? The real hoot, though, was America’s MSM at Copenhagen (outed along with their bosses behind the curtain) with their deafening silence about the global warming scam -- the biggest hoax of this century so far.... read more» 
   
 





 Homeland Security is recruiting new cyber-warriors 
 (from San Francisco Chronicle at 4-3-2010) 
 Cyber-security researchers in the private sector have lamented for many years that collaborations with government officials on addressing cyber-threats have been very few and far in between. But at this year's RSA conference, an annual gathering of cyber-security industry professionals, not only have top government representatives stressed their desire to work closely with the private sector in stemming the growing tide of security problems -- they want some of them to quit their current jobs... read more» 
   
 





 Google China hack is just the tip of the iceberg, RSA Conference told 
 (from Computer Weekly at 4-3-2010) 
 China-based hacks of Google and more than 20 other companies are just the tip of the iceberg, says internet security expert and crime investigator Ira Winkler. China acknowledges that they lag in technology, so they are focused on acquiring technology through every means possible, particularly missile and satellite technologies, he said.... read more» 
   
 





 RSA 2010: Countries must work together or fail on cyber security 
 (from Computer Weekly at 4-3-2010) 
 All countries should make rapid information sharing in response to cyber attacks a top priority, according to an international cyber security panel at RSA 2010 in San Francisco. All domestic cyber attack response plans should include international collaboration so that we can respond as one world to this common threat, said Philip Reitinger, of the US Department of Homeland Security in charge of the US Cert and Visit programme.... read more» 
   
 





 How prepared are you for Cyber Attacks? 
 (from greenracksystems at 4-3-2010) 
 The AFCOM association, whose members include 4,500 administrators from 3,900 data centers around the world surveyed 436 data center sites last year. Some of the findings of the survey indicated that cyberterrorism is an increasing concern, mainframe deployment is on the decline, storage deployment is on the rise, and “green” technologies are definitely happening. It was found that there is a shift in data centers away from mainframe computers and toward other types of servers.... read more» 
   
 





 APAC shoppers get more password-savvy 
 (from zdnetasia at 4-3-2010) 
 Shoppers in the Asia-Pacific region are leveraging sound password practices to combat online payment fraud, a new study commissioned by Visa has revealed. The use of different passwords or personal identification numbers (PINs) for different purposes was one of the top ways consumers employed to keep fraud at bay in the last 12 months, according to a statement issued Thursday from the payment provider. ... read more» 
   
 





 File transfer technologies under increased scrutiny 
 (from SecurityPark at 4-3-2010) 
 File transfer technologies have been around for over 30 years, but recent evolutionary changes in business needs have resulted in significant improvements to file transfer solutions from a security, management and governance perspective. Unfortunately, just as we become comfortable with modern managed file transfer solutions companies must now better manage how their employees share and exchange information. Today, IT departments not only need to enable person-to-server and system-to-system i... read more» 
   
 





 Weakness Discovered in Common Digital Security System 
 (from ScienceDaily at 4-3-2010) 
 RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers' information online. The scientists found they could foil the security system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly... read more» 
   
 





 ‘Google’ Hackers Had Ability to Alter Source Code 
 (from Wired at 4-3-2010) 
 The hackers who targeted Google and other companies in January targeted the source code management systems of companies, allowing them to siphon source code as well as modify it, according to a new report. More importantly, systems that the companies used to develop and manage their source code have numerous security flaws that would allow easy compromise of a company’s intellectual property. The same systems are used by numerous other companies who may not realize that their source code is o... read more» 
   
 





 Google Is Considering Dropping Street View in Europe 
 (from Softpedia at 4-3-2010) 
 Google is playing hardball in Europe over the latest Street View dispute and is now saying it's considering dropping the producing in the old continent if EU's latest plans to require Google to remove all raw, unblurred images it holds every six months as opposed to a year like it does now. More specifically, Google says that it may not make another round of shooting around all the European cities as it could become prohibitively expensive. “I think we would consider whether we want to drive... read more» 
   
 





 Lawyer questions FCC's authority on net neutrality rules 
 (from MacWorld at 4-3-2010) 
 The U.S. Federal Communications Commission lacks the statutory authority to make network neutrality rules prohibiting broadband providers from selectively blocking or slowing some Internet traffic, a former U.S. solicitor general said Wednesday. If the FCC wants the authority to proceed with its net neutrality, or open Internet, rulemaking proceeding, it should go to Congress to get permission, said Gregory Garre, who served as solicitor general, the U.S. government’s lawyer before the Suprem... read more» 
   
 





 RSA 2010: Researchers seek balance in security hype 
 (from v3 at 4-3-2010) 
 Some of the leading researchers in the security industry have warned administrators about the dangers of over-hyping threats. A panel of researchers at the RSA conference in San Francisco, including Dan Kaminsky of IOactive and Tom Cross of IBM X-Force, advised administrators to take warnings of impending security crises with a pinch of salt.... read more» 
   
 





 How cybercriminals invade social networks, companies 
 (from usatoday at 4-3-2010) 
 "Hey Alice, look at the pics I took of us last weekend at the picnic. Bob" That Facebook message, sent last fall between co-workers at a large U.S. financial firm, rang true enough. Alice had, in fact, attended a picnic with Bob, who mentioned the outing on his Facebook profile page.... read more» 
   
 





 The Real Meaning Of Cyberwarfare 
 (from Forbes at 4-3-2010) 
 Connect the dots between reports of Chinese cyberspying, crippling network attacks in South Korea and Estonia and the U.S. military's ramping up of cyber capabilities, and it would seem that a third World War is underway on the Internet.... read more» 
   
 





 Security Risks 2010 
 (from Forbes at 4-3-2010) 
 Forty years ago, Alvin Toffler wrote that the world was entering a state of "future shock," the disorientation that occurs when our environment changes faster than we can adapt to it. Today, Toffler's phenomenon is happening in every networked country in the world: Our lives transfer from atoms to bits faster than ever, and we struggle to keep up.... read more» 
   
 





 There's no 'point' to security anymore 
 (from scmagazineus at 4-3-2010) 
 The era of providing complete protection by installing multiple best-of-breed security products has passed. Today's world of sophisticated malware, targeted threats and multi-stage attacks requires security that is smart, cross-linked and interoperable. Security must extend well beyond the traditional disparate defenses that form a broken safety net made up of point tools. Let's look at the past year and discuss two cyberattacks that gained a lot of attention and made headlines around the wor... read more» 
   
 





 Nation's cybersecurity suffers from a lack of information sharing 
 (from Federal Computer Week at 4-3-2010) 
 The lack of trust between the public and private sectors continues to inhibit the sharing of information needed for the nation to effectively defend against rapidly evolving cyberthreats, a panel of industry experts and former government officials said Tuesday. “We need to have more transparency in the public-private partnership,” said Melissa Hathaway, former White House advisor who conducted last year’s comprehensive review of government cybersecurity. “The trust does not exist between the ... read more» 
   
 





 U.S. Security Agencies Begging for a Cybersecurity 'Cold War' 
 (from huffingtonpost at 4-3-2010) 
 So the U.S. security establishment is salivating at the prospect of a new cybersecurity "Cold War." In an over-the-top op-ed in Tuesday's Washington Post, Mike McConnell issues a declaration that we are "fighting a cyber war today" and compares it to the nuclear showdown with the Soviets. McConnell exemplifies the security establishment as much as anyone -- former director of the National Security Agency (NSA), former Director of National Intelligence, and currently executive vice president at B... read more» 
   
 





 Tracing attack source key to cybersecurity strategy, Chertoff says 
 (from ComputerWorld at 4-3-2010) 
 The difficult task of identifying the true sources of cyber attacks remains one of the biggest challenges in the development of a national cybersecurity strategy, former Department of Homeland Security Secretary Michael Chertoff told Computerworld in an interview at the RSA Security conference here today. Chertoff, who is participating in a panel discussion at the conference, said there is a growing need for the U.S to create a strong, formal strategy for responding to cyberattacks against Am... read more» 
   
 





 N. Korea develops own OS - Red Star 
 (from Korea Herald at 4-3-2010) 
 North Korea's self-developed software operating system named the "Red Star" was brought to light for the first time by a Russian satellite broadcaster yesterday. North Korea's top IT experts began developing the Red Star in 2006, but its composition and operation mechanisms were unknown until the internet version of the Russia Today-TV featured the system, citing the blog of a Russian student who goes to the Kim Il-sung University in Pyongyang.... read more» 
   
 





 Financial Services Firms Ripe for Data Attacks 
 (from InternetNews at 4-3-2010) 
 Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers' and employees' privacy at risk, according to a new study from the Ponemon Institute. The study, commissioned by enterprise software and consulting firm Compuware , identified several key areas where financial services companies could take a hit from loose data policies, including damage to the corporate brand and the erosion of consumer trust.... read more» 
   
 





 Dutch Internet wiretaps grow exponentially 
 (from The Industry Standard at 4-3-2010) 
 The Dutch police and intelligence services tapped at least 3350 internet connections in 2009. An increase of 385 percent since 2006. The number of internet wiretaps by the Dutch government has exploded in recent years, reveals Dutch ict-newssite Webwereld. There is political uproar about the explosive growth of these numbers, which up until now have been secret. Two left-wing political parties demand written explanations of the Ministry of Justice. They fear huge privacy violations, because t... read more» 
   
 





 RSA 2010: Hackers using legitimate cloud services for dark ends 
 (from v3 at 4-3-2010) 
 Hacking groups are using legitimate cloud services such as Amazon to facilitate malware creation and password cracking delegates at RSA 2010 heard. The Russian Business Network (RBN), one of the most powerful and extensive malware and hacking organisations, has been buying time on Amazon's EC2 cloud platform to both build malware and attack passwords according to Ed Skoudis, founder of security consultancy InGuardians. “Bad guys can use the cloud to improve operations just as we can,” he said... read more» 
   
 





 RSA 2010: Panel mulls security regulation 
 (from v3 at 4-3-2010) 
 With data breaches and network infiltration attacks increasingly targeting enterprises, a group of security experts weighed the pros and cons of getting the government involved in IT security Wednesday at the 2010 RSA conference in San Francisco. Former US Homeland Security Michael Chertoff joined Electronic Privacy Information Center executive director Marc Rotenberg and Good Harbor Consulting chairman Richard Clarke to discuss just what steps the government should take to protect businesses... read more» 
   
 





 Latest VB test no match for spam filters 
 (from v3 at 4-3-2010) 
 Anti-spam vendors got something to cheer about Wednesday with the release of the latest Virus Bulletin (VB) spam test. The security publisher said that all 16 of the products tested were able to pass and earn the VB certification. The test pitted the spam filters against a package of more than 250,000 emails both legitimate and spam. Vendors were graded on both the ability to block spam messages and "false positive" situations where legitimate e-mails are marked as spam.Testers found that eve... read more» 
   
 





 How To Fight The New Cyberspies 
 (from Forbes at 4-3-2010) 
 Welcome to the third wave of the corporate cyber wars. At the beginning of the last decade, the "hacker threat" was what cybersecurity researchers now describe as a pimply teenager in his mother's basement whose idea of a master plan was to write his pseudonym across AOL's home page. Then came the second wave of digital miscreants, organized cybercriminal gangs that operated quietly and turned identity theft into a vast criminal conspiracy.... read more» 
   
 





 Privacy protection essential in fight against cybercriminals, experts say 
 (from TechTarget at 4-3-2010) 
 Former government officials and experts stressed the need for protecting the privacy and civil liberties of U.S. citizens despite the growing need of the federal government to help thwart attacks against the networks of privately owned critical infrastructure. The federal government can play a role in protecting private networks from cyberattacks, but in a way that doesn't trample on civil liberties, say two of three expert panelists at the 2010 RSA Conference. The panelists discussed whether... read more» 
   
 





 McAfee Says Hackers Sought Companies’ ‘Crown Jewels’ (Update2) 
 (from Businessweek at 4-3-2010) 
 McAfee Inc., exploring the cyber attacks originating from China, discovered at least six incidents in which hackers broke into the computer systems that companies use to house valuable intellectual property. “We know that these systems were absolutely targeted for the crown jewels of each organization -- potentially representing billions of dollars,” George Kurtz, McAfee’s chief technology officer, said today in an interview from Santa Clara, California. “We want to shed light on a problem th... read more» 
   
 





 Haiti relief email scams still circulate - U.S. Federal Trade Commission web site advises of dos and don’ts 
 (from SunbeltBlog at 4-3-2010) 
 U.S. Federal Trade Commission web site advises those making donations for victims of the Jan. 12 Haiti earthquake to read their web page of dos and don’ts: http://consumer.gov/ncpw/helping-haiti-give-wisely/ and check the InterAction web site for a description of legitimate charities at: http://www.interaction.org/crisis-list/earthquake-haiti InterAction is the largest coalition of U.S.-based international nongovernmental organizations focused on the world’s poor and most vulnerable peo... read more» 
   
 





 The dangers and delights of the web 
 (from Computing at 4-3-2010) 
 Having spent many a column espousing the wonders of the internet, my final column will sound a warning on the dangers.The first is anonymity. This can be a curse and a blessing online. Sites such as Wikileaks – which desperately needs funding to stay open – provide a valuable place where information can be put into the public domain anonymously. But there is a flip side. Glance at the comments below any newspaper opinion article and you will be given a whirlwind tour of the most unpleasant as... read more» 
   
 





 Users fear big Chinese Twitter-like site may not reopen 
 (from mis-asia at 4-3-2010) 
 A popular Chinese microblog service shut down last July amid ethnic riots in China triggered concern among users on Tuesday that it may not reopen. Fanfou was one of several Twitter-style sites in China that was shut down as part of a communications clampdown after ethnic violence that took nearly 200 lives in the country's western Muslim region, Xinjiang. Some of the Web sites have since reopened but Fanfou has remained down, and by Tuesday its developers' blog had been revamped as a login s... read more» 
   
 





 Creating a Safer, More Trusted Internet 
 (from windowsteamblog at 4-3-2010) 
 The RSA Security Conference is underway this week in San Francisco and Microsoft's own Scott Charney, Corporate Vice President Trustworthy Computing, delivered one of yesterday's keynote addresses: Creating a Safer, More Trusted Internet. The keynote centered on Microsoft's Trustworthy Computing initiative, our End to End Trust vision, and how we have been working to further protect the security and privacy of for all the users of the Internet.... read more» 
   
 





 Monthly Blog Round-Up – February 2010 
 (from Chuvakin at 4-3-2010) 
 As we all know, blogs are a bit "stateless" and a lot of useful security reading material gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is my attempt to remind people of useful content from the past month! If you are “too busy to read the blogs,” at least read these. So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics. 1. Our PCI DSS panel at ShmooCon (“ShmooCon 2010 – Our PCI DSS Panel”) wa... read more» 
   
 





 Basis Technology Government Users Conference 
 (from Basis Technology at 4-3-2010) 
 Join your fellow language and technology professionals at the premier industry conference on the applications of Human Language Technology (HLT) to all branches of national government. Basis Technology’s Government User Conference is a unique opportunity to discover the impact that HLT is making in such applications as document and media exploitation (DOMEX), human intelligence (HUMINT), signals intelligence (SIGINT), geospatial intelligence (GEOINT), and other disciplines which require colle... read more» 
   
 





 Microsoft exec pitches Internet usage tax to pay for cybersecurity programs 
 (from The Hill at 4-3-2010) 
 A top Microsoft executive on Tuesday suggested a broad Internet tax to help defray the costs associated with computer security breaches and vast Internet attacks, according to reports. Speaking at a security conference in San Francisco, Microsoft Vice President for Trustworthy Computing Scott Charney pitched the Web usage fee as one way to subsidize efforts to combat emerging cyber threats -- a costly venture, he said, but one that had vast community benefits.... read more» 
   
 





 Too many passwords? 
 (from viruslist at 4-3-2010) 
 How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc. The problem is, with so ... read more» 
   
 





 Argos exposes customers' credit-card numbers in emails 
 (from PCPRO at 4-3-2010) 
 High street retailer Argos has compromised its customers' security by sending their credit-card details - including the vital security code - in unencrypted emails. The company has been including the customer's full name, address, credit-card number and three-digit CCV security code in order confirmation emails, which are sent once a customer has placed an order on the Argos website. Although the credit-card details don't appear in the text of the email itself, they are contained - in plain t... read more» 
   
 





 10 questions you should ask about social media and data security 
 (from The Infosec Group at 4-3-2010) 
 Don’t look now, but social media is everywhere. Try as you may to escape it, you simply can’t. The reason for that universality is that social media, simply put, delivers on the promise. It is therefore difficult to tell a business that they should refrain from using social media as a growth vector, and indeed, such is not our message. However, it would be foolish to venture into this new set of business processes without carefully analyzing not only what the business can gain from it, but... read more» 
   
 





 Four things you should know about data breaches 
 (from The Infosec Group at 4-3-2010) 
 It seems that each day brings news of another collection of data breaches. A question I am asked regularly is “What should I know about data breaches?” Excellent question indeed! Let’s quickly review the salient points raised by this question, and what can be done to palliate these issues. 1. What is a data breach? Anytime information falls into the hands of an “unauthorized third-party”, it is technically a data breach. Basically, it is a loss of confidentiality for a given data item.... read more» 
   
 





 National Fraud week aims to help avoid scams 
 (from Computer World at 4-3-2010) 
 The Australian Competition and Consumer Commission (ACCC) has issued two new publications to help small business and consumers avoid scams as part of National Fraud Week. The publications, Tips for a fine time shopping online and Small Business Scams, are aimed at raising awareness of crime, including a growing number of online scams. The publications comes as the ACCC reports it has recorded a 100 per cent increase in reports about online shopping scams, according to ACCC deputy chair Peter ... read more» 
   
 





 Microsoft's Ideas for Making PCs Safer 
 (from Yahoo at 4-3-2010) 
 In his keynote at the RSA conference Tuesday, Microsoft's Scott Charney, corporate vice president of their Trustworthy Computing Group, raised several ideas for improving the general security of users on the Internet. One was to bring outside administration to consumer PCs. Enterprise PCs have lots of security problems, but they are much better protected than consumer PCs in part because such companies have IT departments that can administer PCs and exercise authority over them, for instance ... read more» 
   
 





 US lifts lid on top secret plan for internet security 
 (from BBC at 4-3-2010) 
 The White House has declassified parts of a top secret plan outlining how government will protect the nation's computer networks from cyber warfare. The announcement by cybersecurity tsar Howard Schmidt was made at the world's biggest security event.The move is aimed at encouraging greater co-operation between academia, government and the private sector."We have to fully recognise the importance cybersecurity has in our lives," Mr Schmidt said.... read more» 
   
 





 Korean, Japanese Netizens Wage ‘Cyber War’ 
 (from hostexploit at 4-3-2010) 
 Netizens in Korea and Japan yesterday waged a war online by rapidly raising Web traffic and disturbing each other’s servers. At 1 p.m., a posting uploaded on Korea’s social networking Web site DC Inside urged users to attack Japan’s famous Web site 2ch. Around two minutes later, both of the sites began posting the message, “Access difficult due to too much traffic.”... read more» 
   
 





 FTC Halts Massive Cramming Operation that Illegally Billed Thousands; Alleges Scam Took in USD19 Million over Five Years 
 (from hostexploit at 4-3-2010) 
 A U.S. district court judge has ordered a halt to the illegal practices of an Internet services company that crammed unauthorized charges onto the telephone bills of thousands of consumers and small businesses for services they never agreed to buy. At trial the Federal Trade Commission will ask the court to halt the practices permanently and force the defendants to give up their ill-gotten gains. The FTC charged that Inc21 and its affiliated companies sold Internet services, including Web sit... read more» 
   
 





 Attacks on Google may have been work of amateurs 
 (from ComputerWorld at 4-3-2010) 
 Contrary to general perception, the recent cyberattacks against Google and more than 30 other high-tech companies were carried out by relatively unsophisticated attackers using outdated botnet tools, according to Damballa, an Atlanta-based security firm. The company, which offers a range of botnet protection services, released a report Tuesday based on what it said was a detailed analysis of the data surrounding the attacks, the malware that was used and the command and control topologies use... read more» 
   
 





 Israel aborts raid after soldier posts details on Facebook 
 (from Yahoo at 3-3-2010) 
 Israel's military and one of its soldiers are no longer "friends" after the gunner posted details of an impending West Bank raid on his Facebook page, leading to the mission being aborted, the army and media reports said on Wednesday. The soldier from an artillery unit updated his page on the social networking site, saying "on Wednesday we are cleaning Qatanna, and on Thursday, God willing, going home," army radio reported. Other soldiers in the unit, who saw the posting, alerted their off... read more» 
   
 





 Botnets cause surge in February spam 
 (from CNet at 3-3-2010) 
 Spam now accounts for close to 90 percent of all e-mail worldwide due to a surge in February, according to Symantec. Two botnets named Grum and Rustock helped push spam levels up 5.5 percent in February over the prior month, according to the security firm's report. After doing business as usual over the past year, Grum suddenly sprang to life in February, increasing the amount of spam it generated by 51 percent. As a result, the botnet is now to blame for 26 percent of all global spam.... read more» 
   
 





 Securing The Link Between Web Applications And Databases 
 (from DarkReading at 3-3-2010) 
 Web applications are rich targets for attackers. Available to anyone, from anywhere, these apps are designed for accessibility -- and are also often gateways to valuable data stored deep within an organization. How can you make your applications and data available to a wide variety of employees, customers, and partners without also exposing your most sensitive database information? This conundrum is the subject of Dark Reading's newest Database Security Tech Center report, "Protecting Databas... read more» 
   
 





 EU gives obscure browsers a big chance 
 (from CNet at 3-3-2010) 
 It took Mozilla more than five years of concerted effort and a lucrative partnership with Google to dent Internet Explorer's dominance. But maybe it doesn't have to be so hard. Courtesy of an antitrust case against Microsoft in the European Union, several small-fry browsers are getting a helping hand that could boost their efforts to attain relevance. At least as long as Europeans notice a particular scroll bar. "The ballot represents an enormous opportunity for Maxthon," said Ron White, a... read more» 
   
 





 Spam plague in February and more to come 
 (from NetworkWorld at 3-3-2010) 
 Spam levels in Hong Kong reached 90.6 per cent and virus activity in China was the highest in the world in February, according to Symantec's latest MessageLabs Intelligence Report. In Singapore, one out of every 319.2 e-mails contained a virus in a period when the total spam volume globally increased by about 25 per cent. The research revealed a surge in spam levels in February 2010 to make up 89.4 per cent of all e-mails, an increase of 5.5 per cent from January with pharmaceutical spam ... read more» 
   
 





 Narus develops a scary sleuth for social media 
 (from ComputerWorld at 3-3-2010) 
 Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots. The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet. In many ways, the cyber world is ideal for subversive and terrorist activities, said Antonio Nucci, chief technology officer with Narus. "For bad people, it's an easy place to ... read more» 
   
 





 House targets cyber bullying 
 (from newsandsentinel at 3-3-2010) 
 The House of Delegates overwhelmingly approved a bill aimed at stopping cyber bullying by extending the computer crime act to include PDAs. The House of Delegates on Monday passed a bill 92-3 that targets comments to cause emotional or physical harm. Delegate John Ellem, R-Wood, said the measure is an extension of a computer crime law already on the books. "It is going to be like any other criminal provision," Ellem said. "The bill expanded the definition of the computer to include mobi... read more» 
   
 





 Spanish police arrest masterminds of 'massive' botnet 
 (from BBC at 3-3-2010) 
 Spanish police have revealed that they have arrested three men responsible for one of the world's biggest networks of virus-infected computers. All are Spanish citizens with no criminal records and limited hacking skills. It is estimated that the so-called Mariposa botnet was made up of nearly 13 million computers in 190 countries.... read more» 
   
 





 Panda Security and Defence Intelligence Coordinate Massive Botnet Shutdown with International Law Enforcement 
 (from Prnewswire at 3-3-2010) 
 According to IT security firms Panda Security and Defence Intelligence, the Mariposa botnet, a massive network of infected computers designed to steal sensitive information, has been shutdown and three suspected criminals accused of operating the botnet have been arrested by Spanish law enforcement. Mariposa stole account information for social media sites and other online email services, usernames and passwords, banking credentials, and credit card data through infiltrating an estimated 12.... read more» 
   
 





 Medical identity theft strikes 5.8% of U.S. adults 
 (from ComputerWorld at 3-3-2010) 
 Identity thieves are not only interested in tapping financial resources, but are also after your medical identification data and services. Medical identity theft typically involves stolen insurance card information, or costs related to medical care and equipment given to others using the victim's name. Roughly 5.8% of American adults have been victimized, according to a new survey from The Ponemon Institute. The cost per victim, on average, is $20,160. "The National Study on Medical Identity... read more» 
   
 





 RSA Preview: Looks Big, Bold 
 (from Bankinfosecurity at 3-3-2010) 
 So, I snuck into San Francisco two days early this year, thinking I'd enjoy some quiet time in the press room of the Moscone Center on the eve before the real kickoff of the 2010 RSA Conference. Boy, was I wrong. Even on Sunday the streets around the center were filled with early registrants wearing their badges and meandering between pre-show tutorials. On Monday, as the tutorials continued and special sessions were convened, the conference center started to fill. My personal baromet... read more» 
   
 





 M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective 
 (from Security Pro News at 3-3-2010) 
 New data from M86 Security corroborates the widely held idea that anti-virus scanners and URL filters won't save careless Web users. Indeed, the security company estimates that more than half of all threats can evade these two means of detection, leaving people at risk from lots of nasty stuff. M86 Security's new report, "Closing the Vulnerability Window in Today's Web Environment," indicates that anti-virus scanning correctly identifies just 39 percent of Web threats, which isn't exactly im... read more» 
   
 





 Hackers industrialise cyber crime 
 (from IT Web at 3-3-2010) 
 Data security company Imperva warns that hackers have transformed and automated their attacks to make them more efficient and boost the profitability of their scams. In its latest security report, released this week, Imperva compares the industrialisation of hacking to the 19th century industrial revolution that evolved from single to mass production. The company says hacking has become a $1 trillion industry – up from a few billion just three years ago.... read more» 
   
 





 Hackers Channeling R&D Into Better Malware 
 (from CRN at 3-3-2010) 
 IT companies spend billions on R&D to improve their products and take advantage of the latest technologies. But as it turns out, so do cybercriminals, and that strategy seems to be working pretty well. Cloud computing, search engine optimization and security exploit frameworks are all examples of tools that can help both legitimate companies and hackers conduct their business more effectively, security researchers said Tuesday in a panel discussion at RSA 2010 in San Francisco.... read more» 
   
 





 RSA: Visualizing the Zeus attack against government and military 
 (from holisticinfosec at 3-3-2010) 
 The flood of raw data generated by intrusion detection systems (IDS) is often 0verwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means for sorting through the dizzying data and spotting patterns that might indicate intrusion…the presentation will focus on specific tools and methodology to aid you in establishing security data visualization practices in your environment. ... read more» 
   
 





 RSA Conference: 10 up and coming security technologies 
 (from CRN at 3-3-2010) 
 CRN gets up close and personal with RSA Conference's 10 up and coming companies during the Innovation Sandbox expo.... read more» 
   
 





 Half of business apps open to security breaches 
 (from ZDNet at 3-3-2010) 
 More than half the applications used by enterprises contain vulnerabilities that could be used to launch cyberattacks similar to those suffered by Google earlier this year, according to code-testing company Veracode. That is one of the key findings of a report published on Friday by Veracode, which analysed thousands of applications and over 50 billion lines of code over the past few months. The study looked at hundreds of internally developed, open-source, outsourced and commercial applicati... read more» 
   
 





 Resembling 'cartels,' Hackers become more industrialized 
 (from ibtimes at 3-3-2010) 
 Hackers are more "industrialized" than ever before and hacking communities now resemble an organized "drug cartel", according to a report released Monday. Imperva, a data security company, found that today’s cybercrime industry has transformed and automated itself to mimic the 19th century industrial revolution, which accelerated assembly from single to mass production. There are three major roles within the industrialized hacking model. Firstly, the researcher searches for vulnerabilities in... read more» 
   
 





 More than half of applications are vulnerable to security breaches, as Microsoft confirms it is looking into an issue regarding malicious content hosting 
 (from scmagazineuk at 3-3-2010) 
 More than half of the internally developed, open source, outsourced and commercial applications are vulnerable to security breaches. A report by Veracode claims that of the 1,600 applications analysed when first submitted, 58 per cent contained vulnerabilities similar to those exploited in the recent cyber attacks on Google and others. Despite the claim about vulnerabilities in open source software, the report did find that it ‘has comparable security, faster remediation times and fewer poten... read more» 
   
 





 Spam continues to surge as URL filtering fails to spot malicious sites 
 (from scmagazineuk at 3-3-2010) 
 Spam has continued to surge in the early months of 2010, as pornography remains the most prevalent threat vector. In Symantec's February 2010 MessageLabs Intelligence Report, analysis revealed a surge in spam levels in February to 89.4 per cent, an increase of 5.5 per cent from January. It put this down to an increase in spam emanating from the Grum and Rustock botnets, with the former's output increasing by 51 per cent to make it responsible for 26 per cent of all spam, up from its usual 17 ... read more» 
   
 





 Cenzic Web Application Security Trends Report Reveals 90 Percent of Web Applications Vulnerable, Adobe One of the Most Vulnerable 
 (from Sys-con at 3-3-2010) 
 Cenzic Inc., the leading provider of Web application security solutions, today released its report revealing the most prominent types of Web application vulnerabilities for the second half of 2009. The report, which regularly gauges insecurities on the Web, finds that slow progress is being made to increase awareness, but commonly used applications are still ridden with flaws. Specifically, the report identified more than 2,165 total vulnerabilities in commercial applications, which is 82 percen... read more» 
   
 





 Manhattan launches Cybercrime and Identity Theft Bureau 
 (from thaindian at 3-3-2010) 
 The Manhattan District Attorney’s Office announced Tuesday the formation of the Cybercrime and Identity Theft Bureau. This bureau will re-focus, enhance and expand the resources and abilities of the Manhattan District Attorney’s Office to combat identity theft and complex high-technology crimes, including terrorist activity and child exploitation. ... read more» 
   
 





 Security expert urges shift in tactics against cyber attacks 
 (from Moldova at 3-3-2010) 
 Computer programmers and users should be more receptive to changing security measures to reduce the risk of being targeted by hackers. The cyber-attacks that recently targeted Google, and perhaps 100 other companies, shows that relying on “known virus scanners” is not enough. So says Roger Thompson, Chief Security Officer at AVG, a leading international computer security company.... read more» 
   
 





 US plan to make hacking harder revealed 
 (from Financial Times at 3-3-2010) 
 The Obama administration on Tuesday declassified part of its plan for making cyberspace more secure, a move meant to foster greater co-operation between government and civilian groups in an area of increasing urgency. Drafted in the final year of the Bush administration, the Comprehensive National Cybersecurity Initiative calls for greater co-operation between private companies and the National Security Agency.... read more» 
   
 





 US cyber defense strategy details hit the Internet 
 (from Yahoo at 3-3-2010) 
 The curtain was pulled back Tuesday on portions of a secret US cyber defense strategy crafted during the administration of former president George W. Bush. White House Internet security coordinator Howard Schmidt described bits of the strategy at the RSA cybersecurity conference here, saying the revelation was part of a promise of transparency by US President Barack Obama.... read more» 
   
 





 CFP for SEC-T 2010 - Information security conference 
 (from sec-t at 3-3-2010) 
 We are currently soliciting presentations for the third annual SEC-T technical security conference in Stockholm on the 9-10th of September. The theme for this year will be "OMG, it's full of stars!" and if you could weave that into your presentation somehow, that would be cool. The topics of interest for this conference are information security related, but strongly rooted in the technical realm.... read more» 
   
 





 Patching human vulnerabilities 
 (from viruslist at 3-3-2010) 
 Today’s threat landscape is very complex. Cybercriminals use a wide range of threats to hijack people’s computers and to make money illegally. These threats include Trojans of many different kinds, worms, viruses and exploit code which is designed to enable malware to make use of vulnerabilities in the operating system or applications. Cybercriminals also employ a range of sophisticated techniques to hide malware activity or to make it difficult for anti-virus researchers to find, analyse and de... read more» 
   
 





 Obama administration partially lifts secrecy on classified cybersecurity project 
 (from ComputerWorld at 3-3-2010) 
 President Barack Obama's administration has declassified portions of the highly secret multi-billion dollar Comprehensive National Cybersecurity Initiative (CNCI), which was launched by the Bush administration as part of an effort to defend American interests in cyberspace. As of 12:00 noon Pacific Time today, a document (PDF) providing high-level details of the initiative was posted on the Whitehouse.gov Web site. Some of the details that have been provided in the five page document are alre... read more» 
   
 





 Australians are slaves to the internet 
 (from News at 3-3-2010) 
 AUSTRALIANS are spending more time online, with the average user surfing the net for more than two working days a week. Generation Y is even more committed, spending the equivalent of almost a full day and night online each week. Baby Boomers are jumping on board too, spending almost as much time online as they do watching television. The details were revealed yesterday in Nielsen's 2010 Internet and Technology Report.... read more» 
   
 





 Giga-Biter In Obstruction Charge - Arrestee in federal case ate flash drive evidence during processing 
 (from The Smoking Gun at 3-3-2010) 
 In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show. Florin Necula ingested the Kingston flash drive shortly after his January 21 arrest outside a bank in Queens, according to U.S. District Court filings. Necula and several codefendants had been transported to a Secret Service office in Brooklyn, where they were to be question... read more» 
   
 





 White House Cyber-security Plans Declassified 
 (from EWeek at 3-3-2010) 
 At the RSA Conference, White House Cyber-Security Coordinator Howard Schmidt announced that an unclassified version of the Obama administration's “Comprehensive National Cybersecurity Initiative” is now available online. In his remarks, Schmidt declared that transparency and partnership must go "hand in hand."... read more» 
   
 




 Details of 'Einstein' Cyber Shield Disclosed by White House 
 (from The Wall Street Journal at 3-3-2010) 
 The Obama administration lifted the veil Tuesday on a highly-secretive set of policies to defend the U.S. from cyber attacks. It was an open secret that the National Security Agency was bolstering a Homeland Security program to detect and respond to cyber attacks on government systems, but a summary of that program declassified Tuesday provides more details of NSA’s role in a Homeland program known as Einstein.... read more»

Disqus for ePayment News