Saturday, March 20, 2010

Internet (Lack of) Security News Ending March 20th

This Free IT-Security news feed was compiled and is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.  They offer a 30 day complimentary subscription. 

Visit them at or email for more information on their available services.

Malware 2010 Call for Papers - The 5th IEEE International Conference on Malicious and Unwanted Software (Malware 2010) will be held in Nancy, France, Oct. 20-21, 2010
(from Daniel Reynaud at 20-3-2010)
The 5th IEEE International Conference on Malicious and Unwanted Software (Malware 2010) will be held in Nancy, France, Oct. 20-21, 2010. The conference is designed to bring together experts from industry, academia, and government to present and discuss, in an open environment, the latest advances and discoveries in the field of malicious and unwanted software. Techniques, economics and legal issues surrounding the topic of Malware, and the methods to detect and control them will be discussed. ... read more»

Computer snafu is behind at least 50 'raids' on Brooklyn couple's home
(from NYDailyNews at 20-3-2010)
Embarrassed cops on Thursday cited a "computer glitch" as the reason police targeted the home of an elderly, law-abiding couple more than 50 times in futile hunts for bad guys. Apparently, the address of Walter and Rose Martin's Brooklyn home was used to test a department-wide computer system in 2002. What followed was years of cops appearing at the Martins' door looking for murderers, robbers and rapists - as often as three times a week.... read more»

Cops: Burglar logs into MySpace on store computer
(from WTOP at 20-3-2010)
A burglar who spent about five hours on a store's computer after breaking into the business gave police all the clues they needed to track him down. Investigators said the 17-year-old logged into his MySpace account while at Bella Office Furniture and that made it easy for them to find him. He also spent time looking at pornography and trying to sell stolen items, all while using the business' computer. He was arrested Tuesday and charged with first degree burglary. Kennewick Police said he h... read more»

Facebook Says No To Government-backed Panic Button
(from itproportal at 20-3-2010)
In a rather blunt move, Facebook has rebuffed the Government and the child protection groups’ demand to install “panic button” on its users’ homepages to report about the alleged paedophiles and sexual predators throughout its website. The Home Secretary Alan Johnson met officials from the social networking site and put forth the need of a mechanism that would allow users to connect to the Child Exploitation and Online Protection Centre (CEOP) throughout the pages of the site.... read more»

Global Security Report 2010
(from Trustwave at 20-3-2010)
In 2009, the most notable trend is the continued use of existing attack techniques despite the security industry's awarness of these vulnerabilities. To see the full report, please download the attached PDF.... read more» spunked £153m on reorganisation IT
(from theregister at 20-3-2010)
The National Audit Office says that nearly 20 per cent of the £780m spent on central government reorganisations over the last four years has gone on IT. Nearly half of departments reported that IT purchasing had a high or moderate cost impact on their reorganisation process and 45 per cent said the same about website development, according to NAO's report Reorganising central more»

Privacy chiefs define 'data processor' and 'data controller'
(from The Register at 20-3-2010)
Europe's privacy watchdogs have outlined exactly what the meanings are of the two terms on which the whole EU Data Protection Directive hangs. It said that organisations need more guidance now because of the complexity of modern business. The Data Protection Directive governs how organisations can treat anything deemed as 'personal data'. It gives responsibilities to data controllers. They are held responsible for and must put in place processing contracts with their 'data processors'.... read more»

Health records riddled with errors
(from theregister at 20-3-2010)
The Summary Care Records scheme is not trusted by doctors because some records have serious errors. No patients have actually been harmed, but only because doctors do not trust the information contained in the database and so are double-checking information. Researchers from University College London found records which had missing information on patients' allergies or intolerances to drugs. They found other examples with incorrect allergies recorded or not listing drugs which patients wer... read more»

Dell order status website suffers second server meltdown
(from Channelregister at 20-3-2010)
Dell has once again apologised, after its servers buckled under the strain of requests from customers hoping to check the status of their orders on the company's website. As we reported in February, Dell assured its customers that it was putting processes in place to prevent its order status website from ingloriously dying on its arse in the future.... read more»

Virgin Mobile fined for pushing mobile spam
(from theregister at 20-3-2010)
Virgin Mobile has been fined for sending spam messages to Australian mobile users who'd already opted out of receiving promotions. The carrier was fined AU$22,000 (US$20,240) after it was found to have sent messages to mobile subscribers who had clearly stated their preference not to receive unsolicited text message ads. The Australian Communications and Media Authority (ACMA) levied the fine after Virgin Mobile customers received messages containing an "example of recent offers" in a bid ... read more»

Vodafone Spain admits 3,000 smartphones shipped with Mariposa
(from theregister at 20-3-2010)
Vodafone Spain has accepted that 3,000 customers were potentially exposed to malware after Mariposa botnet agents strayed onto the HTC Magic smartphone. The admission to Spanish media on Thursday follows a meeting between the mobile phone giant's Iberian arm and representatives from Panda Security. The infection of microSD cards for the HTC Magic with the Mariposa information-stealing client and other strains of malware was first reported after Vodafone Spain supplied a malware-infected An... read more»

Unprecedented 25-Year Sentence Sought for TJX Hacker
(from Wired at 20-3-2010)
Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night. “[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and mos... read more»

A quarter of teens have tried hacking
(from NetworkWorld at 20-3-2010)
A quarter of teens have attempted to hack into other people's online accounts, says Tufin Technologies. Research by the security firm revealed that of those that had tried to hack into other people's accounts, 78 percent admitted they knew it was wrong but it didn't stop them. 'Cracking', or working out passwords, was cited as the most common way to hack into online accounts.... read more»

Google May Leave China By April 10, Report Says
(from Yahoo at 20-3-2010)
Google may make good on its threat to pull out of China and leave the Comm unist country by April 10, according to a Chinese language newspaper report. Citing anonymous sources, Shanghai-based China Business News says that Google may be ready to pull the plug on its China operations, and could announce its decision as early as Monday. If the rumors are true it would bring an end to a controversy that has been brewing ever since Google threatened to would shut down its business operations in ... read more»

ATM gang jailed for a total of 14 years
(from Finextra at 20-3-2010)
The trio appeared at Wood Green Crown Court where they pleaded guilty to a combined total of 13 burglary offences, which spanned areas across London, Sussex, Suffolk, Essex and Kent. The gang used a specially-modified seven-and-a-half tonne truck to pull the cash machine out of the wall of a Barclays bank branch in Golders green. They were arrested after a 10-mile chase in which six police cars were damaged.... read more»

U.S Hosts the Maximum Number of Malicious Websites
(from spamfighter at 20-3-2010)
Security firm AVG Technologies released a research paper on March 10, 2010, whose outcomes indicate that the majority of bad websites (44%) receive their hosting services from U.S. servers. Following USA are China and Germany, each at 5%. A majority of these sites that serve malware are originally unaffected before hackers actually compromise them to deliver exploits. It was found that, in all, almost 4,600 locations in the U.S had exploitative servers. Remarking about the discoveries, the... read more»

Beware Of IRS E-Mail Scams
(from websterkirkwoodtimes at 20-3-2010)
The Internal Revenue Service warns taxpayers that e-mail scams are circulating that fraudulently use the IRS name or logo as a lure. "The goal of the scam - known as phishing - is to trick you into revealing personal and financial information," said IRS spokesman Michael Devine. The scammers then use your personal information - such as your Social Security number, bank account or credit card numbers - to commit identity theft and steal your money. ... read more»

Google May Be Set to Depart China Soon
(from InternetNews at 20-3-2010)
Google may finally be ready to call it quits in China following a protracted war of words with the nation's government over censorship and cybersecurity. The Bloomberg news service, citing a report by Shanghai-based China Business News, said Google "may announce" an April 10 pullout as soon as next week on March 22. That's in keeping with recent comments by Eric Schmidt, Google's CEO, who in recent weeks has said several times that Google expects to announce a decision "soon" on its China ope... read more»

IRS warns of ‘dirty dozen’ tax scams to watch for
(from bristolpress at 20-3-2010)
The Internal Revenue Service has issued its 2010 “dirty dozen” list of tax scams. These include schemes involving return preparer fraud, hiding income offshore and phishing. “Taxpayers should be wary of anyone peddling scams that seem too good to be true,” said IRS Commissioner Doug Shulman. “The IRS fights fraud by pursuing taxpayers who hide income abroad and by ensuring taxpayers get competent, ethical service from qualified professionals at home in the U.S.”... read more»

To Battle Computer Hackers, the Pentagon Trains Its Own
(from Time at 20-3-2010)
After years of building firewalls and other defenses against relentless hacker attacks, the Pentagon is going over to the dark side of computer warfare. But ethically, of course. The Defense Department, like most other large organizations, has recognized that no wall is high enough to keep out skilled and determined hackers for keeps. Instead, it has decided that in order to anticipate and thwart attacks, it needs to know what the hackers know.... read more»

Critics pick holes in child pxxx filter
(from nzherald at 20-3-2010)
A Government initiative to stop people viewing websites containing images of child sexual abuse has some concerned about its merits. Chris Barton looks at the potential effects. Over the next few months some New Zealanders are likely to get a nasty shock while browsing the internet - a web page that pops up on their computer saying "STOP!". Some will genuinely be surprised, having accidentally stumbled into a nefarious zone, perhaps by curiously clicking a web link in a spam email, or perh... read more»

Quarter of UK kids have tried hacking, survey finds
(from CNN at 20-3-2010)
Though the majority of children agree that computer hacking is wrong, more than a quarter of those in England have tried it, a survey released Thursday found. Twenty-six percent of children surveyed said they had tried hacking -- breaking into someone else's account -- at some point. Of those who had hacked, more than a quarter (27 percent) had targeted accounts on the popular social networking site Facebook, and 18 percent went after their friends' e-mail accounts, the survey found.... read more»

Government warns industry over stolen phone 'recycling'
(from ComputerWorldUk at 20-3-2010)
The UK government has come up with a new scheme it hopes will clamp down on the growing problem of thieves using legitimate mobile phone recycling schemes to ‘fence’ stolen handsets. Announced by Home Office minister Alan Campbell, recycling companies are being urged to sign up to a code of conduct that will require them to check second-hand handsets against the National Mobile Phone Register, a database linked to police and mobile network lists of stolen and blocked phones.... read more»

What security strategy should enterprises adopt after the recession?
(from Computing at 20-3-2010)
IT managers must not bow to pressure to let security issues lapse as the UK exits the recession. This was the opinion of top level chief information security officers (CISOs) at a roundtable event held this month in London’s BT Tower. The risk is that as firms exit the recession and take advantage of new business opportunities, using new technologies, suppressed business activity may lead to pressure not to evaluate the inherent security risks in new projects.... read more»

UK Internet Security Significantly Better Than Rest Of Europe
(from IT Proportal at 20-3-2010)
In what comes as a sigh of relief to many who have been wary about the vulnerability of the UK’s cyber infrastructure, a recent parliamentary investigation has claimed that the UK’s internet infrastructure is better placed to withstand intrusions than many other countries in Europe. In a report released on Wednesday, a House of Lords Committee noted that the country’s essential utilities, banking, as well as government systems are well off to deal with cyber attacks and natural disasters.... read more»

Facebook responds to massive phishing scheme
(from CNN at 20-3-2010)
Facebook has responded to a an apparently massive attempt to steal passwords from its users. "There's another spoofed email going around that claims to be from Facebook and asks you to open an attachment to receive a new password," read a post on the Facebook Security page. "This email is fake. Delete it from your inbox, and warn your friends." Facebook will never send users a new password in an attachment, the post says. The messages claim to be from Facebook, with a return address tha... read more»

US gov't considers undercover social networking
(from ZDNet at 20-3-2010)
The Obama administration has considered sending federal police undercover on social-networking sites, including Facebook, MySpace and Twitter. A confidential US Department of Justice presentation on social-networking sites made public on Tuesday said online undercover work can help agents "communicate with suspects", "gain access to nonpublic info", and "map social relationships". By contrast, an IRS document about social-networking sites was more cautious about internet undercover work. I... read more»

Facebook Users Can Be Affected by Malicious E-mail Password Reset Scam
(from latestngadgets at 20-3-2010)
According to experts, 400 million global users of the socials networking giant can come across a malicious Facebook e-mail password reset scam. The attack was detected by researchers at McAfee Labs. Users receive an e-mail alert warning that ask users to reset their password. The e-mail is equipped with an attachment that is required to be opened in order users could get a new password. Because of downloading the attachment, the user is becoming affected by different malwares, among which ... read more»

Facebook Email Malware Can Steal ALL Your Passwords
(from twittown at 20-3-2010)
There is a fake email going around in the last week that is particularly worrisome. The mail poses as a genuine email from facebook and says that they have reset your password and that your new password is enclosed in an attached file. We have got several copies sent to us in the past week already. Inside the zip file is an .exe program file that infects your computer and can reportedly steal all your passwords. Not only your facebook password either, all passwords. It is not clear if it... read more»

Malware infects second Vodafone HTC phone
(from ZDNet at 20-3-2010)
A second Android-based HTC Magic from Vodafone has been found harboring malware, including a program that turns infected machines into zombies as part of the Mariposa credit card and bank log-in-stealing botnet, according to Spain-based PandaLabs. When Panda Security found malware on a brand new HTC Magic earlier this month, Vodafone said it was an "isolated local incident". After hearing about PandaLabs' discovery, an employee at another Spanish security company, S21Sec, checked his recently... read more»

Fake servers even less secure than real ones
(from The Register at 20-3-2010)
The prognosticators at Gartner are at it again, and this time they are guessing that IT shops are not going to be as diligent in securing their virtual servers as they need to be for many years to come. The company has released a new report, with the catchy title Addressing the Most Common Security Risks in Data Center Virtualization Projects, that makes predictions based on surveys of IT shops doing server virtualization projects in 2009. (You can shell out some cash for the report here.)... read more»

APWG Counter-eCrime Operations Summit (CeCOS IV)
(from APWG at 20-3-2010)
The fourth annual Counter-eCrime Operations Summit (CeCOS IV) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the development of response paradigms and resources for counter-ecrime managers and forensic professionals. Presenters will proffer case studies of national and regional economies under attack... read more»

New South Wales Government website regattacentre
(from regattacentre at 20-3-2010)
Site defaced: New South Wales Government website regattacentre. notified by Ashiyane Digital Security Team... read more»

Google Street View criticised for 'showing images of secret SAS headquarters'
(from Telegraph at 20-3-2010)
The entrance to the base, which has never before appeared on maps for security reasons, can easily be identified on the images, leading to fears it could be used for terrorist planning. Users can even see the base, in the country's west, is clearly marked as "British SAS" on the website.... read more»

NYC cops sorry for pounding couple's door 50 times
(from washingtonpost at 20-3-2010)
Cheesecake in hand, the police commissioner personally apologized Friday for the 50 or so mistaken, door-pounding visits that police have made to the home of a bewildered elderly Brooklyn couple in the past eight years. It seems a glitch in computer records had led them over and over to Walter and Rose Martin's modest home in the Marine Park neighborhood, about 7 miles southeast of the Brooklyn Bridge.... read more»

Massive FBI computer overhaul is put on ice (again)
(from The Register at 20-3-2010)
The FBI has once again suspended work on parts of a massive computer overhaul that many say is vital to fighting crime and terrorism. Putting the project known as Sentinel on hold has alarmed some on Capitol Hill because the upgrade was considered vital to shoring-up deficiencies in key areas, The New York Times reports. Several years ago, FBI computer systems were so poor that many agents couldn't send or receive email and had difficulty getting case histories or tapping other databases.... read more»

Homeland security - Ongoing Challenges Impact the Federal Protective Service’s Ability to Protect Federal Facilities (GAO-10-506T)
(from GAO at 20-3-2010)
Over the past 5 years GAO has reported that FPS faces a number of operational challenges protecting federal facilities, including: FPS’s ability to manage risk across federal facilities and implement security countermeasures is limited. FPS assesses risk and recommends countermeasures to the General Services Administration (GSA) and its tenant agencies, however decisions to implement these countermeasures are the responsibility of GSA and tenant agencies who have at times been unwilling to fu... read more»

Are you being cross-notified? - Service provider administrators had managed to infect their administrative workstations with malware
(from Gartner at 20-3-2010)
I’ve recently become aware of several incidents of client data being lost because their service provider administrators had managed to infect their administrative workstations with malware. If your service provider were to suffer an embarassing failure like that, would they tell you? Before allowing an outsider to have privileged access to any of your systems, you should ensure that they are contractually obligated to inform you of any security incident that could potentially affect you–even ... read more»

Watchdog criticizes Homeland Security's IT management of border initiative
(from nextgov at 20-3-2010)
The Homeland Security Department and a contractor rewrote most of the quality testing procedures for a project to deploy sensors and cameras along the U.S. southwest border, in part to make them more likely to pass inspection, an official with the Government Accountability Office testified on Thursday.... read more»

The cloudy world of passwords
(from Help Net Security at 20-3-2010)
With the growth of social networking, online media consumption and cloud computing, every day millions of people log in to a variety of different sites using a username and password or PIN combination. However, over the last few months there have been a number of high-profile hacking attacks that have pointed to the inherent weakness of the fixed password authentication systems that control access to these services.... read more»

US calls for 'YouTube' of government data
(from BBC at 20-3-2010)
The US technology chief has called on developers to build the "YouTube" of government data. Vivek Kundra told the BBC that he envisaged a world where anyone could "slice and dice" government information and share their results. Mr Kundra is in charge of the US website, which gives citizens access to reams of official statistics.... read more»

Domain Security Must Improve, Industry Warned
(from hostexploit at 20-3-2010)
The IT security industry has been urged to improve domain security by the UK Serious and Organised Crime Agency (SOCA). Speaking to the e-Crime Congress 2010 in London this week, Paul Hoare from SOCA said industry must work harder to create an environment that prevents cyber criminals from targeting consumers. A particular area of focus, Hoare said, should be domains. He argued that current domain registration processes are making it easier for criminals to operate. “It's far too easy to r... read more»

DealsDirect blacklisted for hosting malware
(from hostexploit at 20-3-2010)
Australia's largest online bargain shopping site,, was blacklisted by Google and major internet browsers today after it was found to be hosting malware. The site sells a broad range of goods including kitchen items, furniture, computers, electronics, jewelry, tools, fitness equipment, alcohol, Manchester, musical instruments and toys.... read more»

Code breakers score supercomputer
(from hostexploit at 20-3-2010)
Australia's top-secret code-breaking organisation has commissioned a new state-of-the-art supercomputer. Defence Personnel, Materiel and Science Minister Greg Combet yesterday commissioned the new supercomputer, supplied by Cray Inc, to the Defence Signals Directorate headquarters in Canberra. ''This new supercomputer represents a cutting-edge capability and was delivered in close collaboration with industry,'' Mr Combet said.... read more»

Royal London Mutual Insurance Society loses eight laptops and 2,135 personal records
(from hostexploit at 20-3-2010)
The Information Commissioner's Office (ICO) has reported that the Royal London Mutual Insurance Society lost eight laptops and the personal details of 2,135 people. It has declared that the insurance provider breached the Data Protection Act when the laptops were stolen from the company's Edinburgh offices. Two of the laptops contained the information, and the individuals affected were employees of various firms that had sought pension scheme illustrations.... read more»

OSCE trains Kosovo police in tackling cybercrime
(from hostexploit at 20-3-2010)
Cybercrimes such as identity fraud, credit card fraud and money laundering are worldwide problems that need to be tackled through a combination of laws and law-enforcement resources and expertise. The OSCE Mission has been helping Kosovo to develop the required mechanisms to fight this type of crime. The Mission's involvement in developing Kosovo's security and public safety sector dates from 1999 when it helped establish the public safety agency. Now it provides the agency with specialized t... read more»

Report: IRS dogged by information security lapses that make taxpayer records 'vulnerable'
(from TheHill at 20-3-2010)
The Internal Revenue Service remains dogged by serious information security lapses, many of which federal investigators have asked the agency to correct since 2008, according to a new Government Accountability Office report. Despite multiple warnings, IRS officials still do not "enforce strong password management," limit user access to information and programs appropriately, monitor security events on key computers or "physically protect its computer resources," according to the GAO review, r... read more»

Malware infects memory cards of 3,000 Vodafone mobiles
(from ComputerWorld at 19-3-2010)
Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said today. The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software. Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker wor... read more»

New Form of Credit Card Theft Discussed by Computer Forensics and Security Expert
(from pr-usa at 19-3-2010)
Credit card theft is nothing new. It continues to be widespread and, for a large part, out of control. As new ways of protecting our credit card data become available, criminals are developing new techniques to bypass these security measures. On this week's Marketplace, which airs on Friday March 12th, a new episode titled "Who's Minding the Store?" describes how thieves are using new techniques to gain access to credit and debit card information. The episode features computer forensics and s... read more»

Facebook users targeted in spam attack
(from ComputerWorld at 19-3-2010)
Facebook's 400 million users have been targeted by a spam run that could infect their computers with malicious software designed to steals passwords and other data, according to security researchers at McAfee. Over the last two days, millions of messages have been sent, which McAfee detected through customers running the company's security software, said Dave Marcus, McAfee's director of security research and communication. The messages appear to come from Facebook, with a return address t... read more»

New Spam Targeting Facebook Users Is Invisible to Most Virus Scans, Says UAB Expert
(from uab at 19-3-2010)
Cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected only by one-third of the 42 most common anti-virus products as of noon Thursday, March 18, says a leading cyber-crime researcher at the University of Alabama at Birmingham (UAB). Gary Warner, the UAB director of research in computer forensics, says his team in the UAB Spam Data Mine has been tracking the Facebook spam campaign for the past three days. While it is not in the da... read more»

Students’ personal information stored on professor’s stolen computer
(from insidevandy at 19-3-2010)
A Vanderbilt professor’s computer containing the names and social security numbers of 7,174 current and former students was stolen from a locked campus office sometime during the weekend of Feb. 6, according to Vanderbilt public affairs officials Beth Fortune and Liz Latt. Letters were sent on March 10 and 11 to the individuals whose personal information was on the personal computer, alerting them to the situation and that they were being offered, free of charge, 12 months of identity protect... read more»

Japan's Anti-Phishing Council and JPCERT/CC Release Customized Version of Wombat's Phil Training Game to Educate Japanese Public
(from Marketwire at 19-3-2010)
Today Japan's Anti-Phishing Council in cooperation with Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) launched a Japanese version of Wombat Security Technologies' Anti-Phishing Phil game to train the Japanese user community not to fall for phishing attacks. The launch is part of a new public education campaign aimed at raising awareness of phishing attacks and educating the public on how to best protect themselves against such attacks. Anti-Phishing Phil is an engag... read more»

Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits
(from threatpost at 19-3-2010)
The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year's Pwn2Own hacker challenge and his thoughts on improvements in Apple's Mas OS X.... read more»

Internationalizing Cybersecurity - Eric Chabrow
(from govinfosecurity at 19-3-2010)
It's not just our government that sees the need for the international community to collaborate in developing global standards for cybersecurity. The British House of Lords European Union Committee Thursday issued a report entitled Protecting Europe Against Large-Scale Cyber Attacks, which concludes international cooperation is necessary to protect British and the EU's critical IT infrastructure. From the report: "Any assessment of the role of the EU must be made in a global context, re... read more»

Job Hunter's Guide to Social Media
(from Bankinfosecurity at 19-3-2010)
Social networking sites such as LinkedIn, Twitter and Facebook have revolutionized the job search process. Hiring managers and recruiters are using these sites to source candidates and perform informal background screening. So, it behooves a prospective candidate to maximize visibility on these sites - in the right way. "If information security job seekers are looking to increase their success at finding a job, they need to change the way they network and embrace the social websites and onlin... read more»

China's control of rare metals threatens tech industry
(from ComputerWorldUk at 19-3-2010)
China is facing increasing criticism for holding down the value of its currency to gain export advantage, and for its cyber-attacks against Google . But another growing concern is its control of rare earth metals critical to high-tech manufacturing. China's pricing of these metals is so low that it has become unprofitable for mining companies in US and other Western countries to mine and process them. The US is almost completely dependent on China for these metals. One metal, neodymium, is... read more»

Online presence of hate, terrorist groups up 20%
(from Arstechnica at 19-3-2010)
Hate groups have always been a presence on the Internet, but their presence is growing quicker lately thanks to social networking sites. According to a report from the Simon Wiesenthal Center (SWC), groups that promote violence, terrorism, homophobia, antisemitism, and other forms of intolerance grew by 20 percent in the last year alone. The report is part of the Center's annual look at the spread of hate groups online, which noted that there are now more than 11,500 social networks, websites... read more»

European Internet Resilience
(from webmedia at 19-3-2010)
The House of Lords has now published its report on the EC Communication on Protecting Europe Against Large Scale Cyber-Attacks. The conclusions seem broadly to agree with the evidence that Chris Gibson (FIRST) and I presented to them in November: that disruption to the Internet (whether deliberate, accidental or environmental) is something that needs to be taken seriously; that the UK is relatively well-placed in this respect; that there is a role at European level for encouraging the adoption o... read more»

Google knew YouTube did evil, but bought it anyway
(from The Register at 19-3-2010)
Do no evil? Google execs knew YouTube was in the wrong, but swallowed hard and bought it anyway, emails disclosed to a US court show. In 2006 execs at the Chocolate Factory were aware that the startup was less than wholesome, describing it as a "rogue enabler of content theft" whose "business model is completely sustained by pirated content" - in emails now made public. They acknowledged it would raise ethical questions. In October the same year, Google acquired the video site for $1.65bn. Th... read more»

End Users Buck Security Advice For Economic Reasons
(from DarkReading at 19-3-2010)
End users routinely reject security advice and recommendations for strong passwords and for heeding dangerous Website warnings -- and that behavior makes perfect sense from an economic and psychological perspective, security experts say. Cormac Herley, a researcher in the Microsoft Research organization, says end users are understandably noncompliant because there just isn't explicit proof that creating a strong password, for example, makes them less likely to have their accounts hacked. ... read more»

Is the data watchdog about to pounce?
(from Computing at 19-3-2010)
The UK’s privacy watchdog is likely to use the full force of its new powers to penalise organisations for data loss in the next few months to set an example to others, according to compliance experts. Alan Calder, director at data security consultancy ITgovernance, expects the Information Commissioner’s Office (ICO) to pursue a small number of high-profile cases concerning breaches of the Data Protection Act (DPA) in the spring and summer, and issue fines of up to £500,000 where appropriate.... read more»

Patched cybersecurity act proposed in the Senate
(from ZDNet at 19-3-2010)
Senator Jay Rockefeller, along with Senator Olympia J. Snowe, introduced to the Senate a redrafted Cybersecurity Act (of 2009) Bill that makes two significant changes to the one originally introduced as S 773. Essentially it is a complete rewrite of the original bill but the reality is, it covers the same ground. Several tech giants had serious concerns with the Bill, along with the EFF and EPIC. One of the key sections included legislation that empowered the President to shut down the Intern... read more»

Security risks of multi-tenancy
(from ZDNet at 19-3-2010)
One of the concerns expressed by both users and experts attending Cloud Computing Congress in London this week was the risk of data being exposed to third parties in a multi-tenant environment. There seems to be a lot of confusion on the matter, so I thought it would be useful to blog a quick overview that may be helpful for people evaluating whether to go multi-tenant. Intuitively, we feel that if our data is physically on the same computer system — or, in a fully multi-tenant stack, actuall... read more»

SNCF closes web security loophole
(from connexionfrance at 19-3-2010)
A WEB security loophole allowing hackers to access the personal details of thousands of rail passengers has been closed after it was uncovered by a newspaper. The SNCF has been aware of the flaw since June 2008, according to Le Canard EnchainĂ©, which received a leaked internal memo from then warning of a "possible misuse of customer data". A hacker showed how easy it was to access the name, address, telephone number and date of birth of customers registered on - all th... read more»

Mary's Pizza Shack hacked
(from sonomanews at 19-3-2010)
The Plaza location of Mary's Pizza Shack has been identified as the target of Internet hackers who penetrated the restaurant's computer system with a "logger" virus that captured credit card numbers at the transaction terminal. The presence of a virus was discovered by a corporate official on Feb. 10 after the family-run company received reports from friends about unauthorized credit card charges. CEO Vince Albano, grandson of Mary's founder Mary Fazio, said the company immediately contacted ... read more»

2010 Council of Europe Conference on Cybercrime - Security and fundamental rights – what rules for the Internet?
(from wcd at 19-3-2010)
Description : The conference aims at strengthening co-operation between the public and private sectors in combating crimes committed via the Internet. The conference should call for a global effort to help countries meet cybercrime challenges by making the best possible use of existing tools and instruments. On that occasion the Council of Europe will gather experts from all over the world, representing governments, the police and the Internet industry (including Microsoft, Google, PayPal and... read more»

What Are the Most Underrated Security Technologies?
(from ComputerWorld at 19-3-2010)
Last week we looked at security technology some readers consider overvalued. This week we're back to study the other side of the coin. Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned last week are praised here. Whitelisting Application security is something companies increasingly worry about, as the number of ... read more»

The pros and cons of cyber identity and attribution on the Internet
(from SearchSecurity at 19-3-2010)
From Nadia Short's point of view, cyber identity and attribution on the Internet is "the holy grail." As vice president of strategy and business development at General Dynamics Advanced Information Systems, which supplies products and services to U.S. defense and intelligence agencies, she sees attribution on the Web as critical to fighting cybercrime. "If we could figure out who is doing harm to us, the deterrent would be much greater," and the number of cyber threats would be reduced, Short... read more»

Sophos - Stop Spamming Me and End Your SEO Campaign
(from technicalinfodotnet at 19-3-2010)
Spam takes on many different forms. Sure, we're all familiar with the crap that makes it in to our inbox, but what about the other stuff - like the stuff that appears as comments in our blog entries? Blog comment spam is on the rise, particularly when it's used less as a direct advertising tool and more for Search Engine Optimization (SEO) attacks/manipulation. In most cases I've observed, the SEO-orientated blog spam has been initiated by the bad guys - looking to escalate their infectious d... read more»

Internet-related crime rose 110% in 2009
(from Tampa Bay Online at 19-3-2010)
Victims of investment scams, phony work-from-home offers and fraudulent companies offering access to stimulus money reported a record number of financial losses in 2009. In complaints to the Internet Crime Complaint Center, consumers reported losing $559.7 million at the hands of cyberthieves, representing a 110 percent increase compared with 2008 figures.... read more»

Cyber Crooks Doubled Their Take in '09: FBI
(from eSecurity Planet at 19-3-2010)
The latest data from the FBI's Internet Crime Complaint Center (IC3) confirms what online banks, security software vendors and Internet users have been complaining about for years: cybercrime is skyrocketing and costing people millions of dollars with no end in sight. The report (available here in PDF format) from the IC3, a partnership between the FBI, the Bureau of Justice Assistance and the National White Collar Crime Center, found that the total number of cybercrime complaints rose 22 per... read more»

Pwn2Own predictions: iPhone will be hacked
(from ZDNet at 19-3-2010)
Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability. That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.... read more»

Action taken after insurance provider loses over 2,000 people’s details
(from databreaches at 19-3-2010)
The Information Commissioner’s Office (ICO) has found that the Royal London Mutual Insurance Society breached the Data Protection Act (DPA) after eight laptops, two of which contained the personal details of 2,135 people, were stolen from the company’s Edinburgh offices. The individuals affected were employees of various firms which had sought pension scheme illustrations. The two laptops containing personal information were unencrypted but were password protected.... read more»

High-tech copy machines a gold mine for data thieves
(from The Star at 19-3-2010)
Even though high-volume photocopy machines with hard drives have been around for more than five years – most large offices today would have them, the kind that photocopy 35 to 60 pages a minute – people rarely think of them as computers, said University of Toronto computer science professor Graeme Hirst.... read more»

IE8, iPhone will fall first day of hacking contest, predicts organizer
(from IT World at 19-3-2010)
Microsoft's Internet Explorer 8, not Apple's Safari, will be the first browser to fall in next week's Pwn2Own hacking challenge, the contest organizer said today. Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, also predicted that Apple 's iPhone will be the only smartphone hacked during the contest, which starts March 24. Portnoy, who organized the fourth annual Pwn2Own, changed his predictions from earlier bets he made a month ago because of new... read more»

UK ahead of EU in cyber attack defences
(from PublicTechnology at 19-3-2010)
The UK needs to work more closely with Nato to fend off cyber attacks on critical national infrastructure from Russia and China, but is otherwise “reasonably well-placed" to cope with such incursions. According to a report from the House of Lords EU Home Affairs sub-committee, the UK is ahead of the rest of Europe which is lacking in its defensive readiness.... read more»

Report: Phishing Hits All-Time High
(from Dark Reading at 19-3-2010)
Phishing attacks increased more than 60 percent from 2008 to an all-time high as the number of attacks per organization hit nearly 600, a new report finds. MarkMonitor's 2009 BrandJacking Index report, released this week, shows 565,502 phishing attacks last year, up 62 percent from 2008, and attackers have become more targeted given only 33 percent of the victims were first-time phishing targets. Attacks targeting social networks increased by 376 percent from 2008, with 11,240 attacks -- a... read more»

Crucified by the GOOG: Sorry, your account has been disabled
(from wcvarones at 19-3-2010)
Imagine my surprise when I tried to log in to Blogger this morning and saw this: With no explanation, Google/Blogger disabled my account. I don't know whether it was a mistake or whether one of those Google leftists didn't like something I wrote. I've tried to contact Google Help several times today, with no response. My account is still shut down, and I'm posting this from a temporary new account I've created.... read more»

Viacom: 'YouTube Intentionally Infringed'
(from Internet News at 19-3-2010)
YouTube was intentionally built on infringement and there are countless internal YouTube communications demonstrating that YouTube's founders and its employees intended to profit from that infringement. The law criminalizes the production of technology to circumvent anti-piracy measures while limiting the liability of providers of online services for copyright infringement by their users. While it is still early in the legal battle, it appeared Google was trying to cast Viacom's strategy a... read more»

Dark cloud: Study finds security risks in virtualization
(from Government Computer News at 19-3-2010)
Government IT upgrade projects may soon have a new wrench thrown into the works. According to recent research from Gartner, 60 percent of virtual servers are less secure than the ones they replace. The situation is slated to continue through the end of 2015, when the number of insecure virtual servers is expected to drop to 30 percent. Numerous state, local and federal agencies have moved or are moving to virtual servers, including the state of California and the Energy Department. While ... read more»

One in four children has attempted hacking with one fifth believing that they could generate an income from the activity
(from scmagazineuk at 19-3-2010)
A survey has found that one in four schoolchildren have attempted some level of hacking. Despite 78 per cent agreeing that it is wrong, a quarter have tried to surreptitiously use a victims' password, with almost half saying that they were doing it ‘for fun'. However 21 per cent aimed to cause disruption and 20 per cent thought they could generate an income from the activity. Five per cent said that they would consider it as a career move.... read more»

Proof of identity now required for .ru domain registrations
(from hostexploit at 19-3-2010)
By April 1, 2010, registrants of domain names ending in .RU must file proof of their identities with their registrars in order to maintain their existing domain names, and obtain new ones. The change comes as a result of the new Terms and Conditions of Domain Names Registration Under Domain .RU, which came into effect on October 1, 2009 and apply to both individual and corporate registrants.... read more»

Detection should be part of recession security exit strategy, say experts
(from Computer Weekly at 19-3-2010)
IT departments should concentrate their IT security spending on network and systems monitoring in the coming months if they want to get the best value for their money, say IT security professionals. Although most organisations are adequately protected by antivirus systems and firewalls, many IT departments are failing to actively monitor their networks effectively to check for signs of malware and hacking. This is leaving businesses exposed to hackers and organised criminals, who are often... read more»

Waihopai a key link in global intelligence network
(from New Zealand Herald at 19-3-2010)
When peace activists used a sickle to puncture a plastic radar cover at Blenheim's Waihopai spy base, they temporarily deflated a key link in an organisation that is a global eavesdropper. Both Waihopai and the Tangimoana radio listening post near Palmerston North have been identified as key players in the United States-led Echelon spy programme. Though they are run by the Government Communications Security Bureau (GCSB), the bulk of the bases' intelligence is believed to be fed to the US and... read more»

Protecting Europe against large-scale cyber-attacks
(from Parliament at 19-3-2010)
There is now scarcely any activity of our daily lives which does not rely on the Internet.1 Banking,2 travel and tax, trading, saving and dating - everything is increasingly performed online and so depends on the Internet. And while any country can survive without online shopping, to be deprived for any length of time of online communication for government, energy or defence, to give only some examples, can rapidly bring a country to its knees. We explain in the following chapter how this bri... read more»

Dangers of copy&paste
(from SANS at 19-3-2010)
One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author ... read more»

Courts Stretching Computer Hacking Law In Dangerous Ways
(from Techdirt at 19-3-2010)
Michael Scott points us to a very interesting analysis of how to different appeals courts have very different interpretations of our federal anti-hacking law. The Computer Fraud and Abuse Act was passed by Congress to create criminal sanctions for malicious computer hacking. The problem, of course, is that whenever you have politicians passing laws about technology, they may be a bit vague. So, the way hacking was defined was effectively to say that the perpetrator accessed info "without aut... read more»

Islamo-cyber-terror hits Defcon level farce
(from thinq at 19-3-2010)
Islamic cyber terrorists have reached such advanced levels of computer literacy that they have learned how to leave graffiti on websites, according to British intelligence and security chiefs. After many years in which press over-reaction to official speculation of suspected Islamic cyber terror threats has encircled Britain in a shroud of incredulous fear, Parliament's Joint Intelligence and Security Committee (ISC) subtly downgraded the cyber terror threat last week.... read more»

Be prepared for the year of mobile malware
(from ZDNet at 19-3-2010)
The rise in threats to mobile devices is definitely real, although still a long way from reaching epidemic proportions. The real message for the coming months is about preparedness. There were a limited number of new threats in 2009, but a significant increase in their complexity and criminal intent. Signs are that consumer acceptance of mobile phone-based financial activity is now mainstream, with handset banking applications even being advertised on primetime television.... read more»

Europe 'vulnerable to cyberattack'
(from Guardian at 19-3-2010)
European governments are not doing enough to improve online security – leaving the entire continent vulnerable to cyberattack, according to a new parliamentary investigation. A report from the House of Lords suggests that officials in Brussels have failed to boost the union's internet defences – creating a yawning gap between Nato, the EU and member states that could leave the system prone.... read more»

HotCloud '10 Call for Papers
(from USENIX at 19-3-2010)
HotCloud '10 will be part of USENIX Federated Conferences Week, which will take place June 22–25, 2010.Cloud computing has attracted a great deal of attention both from the research community and from industry. The cloud computing paradigm has evolved over the years from a basic IT infrastructure (data centers) to platform as a service (PaaS), and then from software as a service (SaaS) to complete service enablement on a hosted infrastructure (IaaS). At the same time, virtualization has emerged ... read more»

$45,582 telephone bill:Furniture company's security breach traced back to Somalia
(from hickoryrecord at 19-3-2010)
It only took 12 hours for a hacker to run up $45,582 in telephone charges for a local furniture company. More than 10,000 minutes of phone calls were made from the phones at Sherrill Furniture on Highland Ave. NE from 9 p.m. on Friday, March 5 to 9 a.m. the following day. The company reported the security breach to police Tuesday and the preliminary investigation revealed that the phone calls originated in Somalia. Investigators know that calls were made to Austria, Bulgaria, France, Korea, a... read more»

UK police push for end to domain name abuse
(from TechWorld at 19-3-2010)
Law enforcement officials in the UK and US are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system. Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the UK's Serious Organised Crime Agency (SOCA). Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilita... read more»

Hacking 'fun' for British teens
(from BBC at 19-3-2010)
One in four young Britons attempts to access the Facebook accounts of their friends, a survey claims. The most common route of access was by working out - or "cracking" - each other's passwords. The poll of 1150 under-19s found that nearly half of those who accessed other accounts did so from either their own computer or one at school. The main reason given for doing it was for fun, and a further 21% admitted they hoped to cause disruption. The young people questioned took part in the online... read more»

Spanish researcher wants us all on her database
(from TGDaily at 19-3-2010)
Look, we'd all like our jobs to be made a little easier. But some Spanish forensic anthropologists have a rather big request - the creation of a global database of everybody in the world. Not only that, they want it 'immediately'. They say the database would assist in the identification of disaster victims such as the Haiti earthquake or the 2004 Asian tsunami. It should contain computer records, they say, such as anthropological data and physiognomic characteristics - that's what your featur... read more»

Facebook, Twitter and Microsoft claim that weak passwords still cause security headaches
(from scmagazineuk at 19-3-2010)
The biggest problem with web security is still weak passwords, according to spokespeople from three major IT networks. Speaking at South by South West Interactive (SXSWi), an industry panel of security engineering managers from Twitter, Facebook and Microsoft discussed the approaches they use to secure their web services.... read more»

The UK is leading the way in cyber security within the EU
(from scmagazineuk at 19-3-2010)
The UK has been declared as being ‘reasonably well placed' to cope with a large-scale cyber attack. After a House of Lords committee was gathered last year to investigate EU policy on cyber attacks, it said that while the internet was under constant threat of disruption from the actions of cyber criminals and hostile states, Britain was leading the way in cyber security within the EU.... read more»

Fraudsters harvest teenagers' details from Facebook, other sites for fake credit cards
(from Courier Mail at 19-3-2010)
FRAUDSTERS are buying credit cards on the black market for as little as $8 each and then "harvesting'' intimate details of teenagers from social networking sites such as Facebook to steal their identities. Queensland's fraud unit head, detective Superintendent Brian Hay, has warned D-Day was coming for a generation who will become young fraud victims after posting too much personal information about themselves on the net.... read more»

P2P Puts Medical Data At Risk
(from Information Week at 19-3-2010)
Many home computer users don't realize it, but the next time they download a movie, a video or some old sentimental song, they may be giving an intruder the opportunity to search the PC's files for sensitive information, including their health records, a new study finds. What kind of sensitive information? Well, according to Khaled El Emam, Canada research chair at the University of Ottawa, and the lead on a research paper on the inadvertent disclosure of personal information through peer-to-... read more»

Fired CISO says his comments never put Penn.'s data at risk
(from Computer World at 19-3-2010)
Robert Maley was fired from his job as the chief information security officer for the state of Pennsylvania earlier this month after he spoke, without proper authorization, about security incidents involving the state during a panel discussion at the RSA trade show. References he made to a security incident involving the online driving test system at the Pennsylvania Department of Transportation in particular were believed to have led to his termination. A state spokesman has not commented, ... read more» auction delayed by court action
(from v3 at 19-3-2010)
The auction of, the world’s most expensive domain name, has been stalled after legal action. The auction was due to be held this week and potential buyers would have had to put up at least a million dollars for the opening bid. However, the auctioneers told that an involuntary Chapter 11 bankruptcy [PDF] petition has postponed the auction. “We can confirm that the auction has been temporarily suspended,” Auctioneer Richard Maltz told read more»

Russian accused of stock hacking denies allegations
(from v3 at 19-3-2010)
The Russian at the centre of allegations by the Securities and Exchange Commission (SEC) of stock price manipulation using hacked trading accounts has denied the claims. Valery Maltsev, president of BroCo, said that he was not behind the plan to manipulate stock prices by using stolen stock trading accounts. The company has investigated the claims and has identified the perpetrator, who is a client. "The account suspected in price manipulation in market belongs to a client of the company. The... read more»

Facebook, March Madness in cybercrime spotlight
(from v3 at 19-3-2010)
Experts have issued warnings over a pair of recent web attacks. McAfee said in separate reports that Facebook has become the lure in a new " password reset" scam and malware writers have begun to tailor their attack sites to the NCAA college basketball tournament known as March Madness. McAfee Labs research manager Dave Marcus said that the company had spotted emails claiming to be from Facebook's customer support team. The messages tell the user that their password has been reset and the new... read more»

Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies
(from Washington Post at 19-3-2010)
By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom. "We knew we were going to be forced to shut this thing down," recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. "CIA resented that," the former offic... read more»

Web inventor calls for government data transparency
(from BBC at 19-3-2010)
Countries should be judged on their willingness to open up public data to their citizens, the inventor of the world wide web has told the BBC. He said "openness of data and the neutrality of the network" should be considered as important as free speech. Sir Tim Berners-Lee is an advisor to a UK project - - that offers reams of previously hidden public sector data for anyone to use. Open data could now be considered a basic right of citizens, he added.... read more»

Cybersecurity needs global rules: British lawmakers
(from Yahoo at 19-3-2010)
Europe's online security would best be served by developing global cyber regulation, ending current "ad hoc" international efforts, British lawmakers said on Wednesday, echoing industry calls for worldwide rules. In a report, a committee of parliament's upper chamber said that creating a common European-wide approach, while a desirable step in the right direction, was seen by many in the cyber community as "second best" to global regulation.... read more»

DHS To Share Intelligence With Some CIOs
(from Information Week at 19-3-2010)
Some public- and private-sector CIOs and chief security officers (CSOs) now have access to intelligence about security threats to critical infrastructure from state and local fusion centers through a new Department of Homeland Security (DHS) pilot program. Through the program, underway now, CIOs and CSOs from state and local governments as well as private-sector organizations that partner with the federal government will periodically be allowed to read classified e-mails from fusion centers r... read more»

Virgin Mobile punished for sending spam
(from Sydney Morning Herald at 19-3-2010)
Virgin Mobile Australia will pay the media watchdog $22,000 after it sent email promotions to people who had opted out of receiving marketing material. The Australian Communications and Media Authority (ACMA) investigated alleged breaches of the Spam Act by the mobile phone company when it was made aware of an email being sent to customers who had opted out of receiving promotional material.... read more»

Court bars charges against teen who posed semi-nude
(from The Register at 19-3-2010)
A federal appeals court rebuked a Pennsylvania district attorney who threatened to file felony child pxxxography charges against teens who were photographed semi-nude unless they attended an "education program." In a unanimous decision issued Wednesday by the appeals court in Philadelphia, a three-judge panel said the threat amounted to a "Hobson's Choice" that would retaliate against one of the girls and her family for exercising their constitutional right to free speech. A rare dose of gove... read more»

Cerf on internet without borders
(from The Sydney Morning Herald at 19-3-2010)
VINTON Cerf clearly recalls something billionaire investor George Soros told him in 1994: ''He said just because the internet is open now doesn't mean it will stay that way.'' That observation, Cerf says, holds as much today as it did in 1994, maybe even more so. As one of the creators of the key technology behind the internet, Cerf has strong beliefs about the freedom people should have online. Yet increasingly governments, including Australia's, are taking steps to restrict full access to t... read more»

Spider email joker's website suspended
(from Computer World at 19-3-2010)
The website of infamous Internet prankster, David Thorne, has been suspended for the second time in two weeks. It is not yet known why the web account was taken down, but the irreverent blogger has a history of provoking law suits and tricking the media. Thorne claimed his account was suspended on 3 March after South Australia Police took action against a blog proposing an investment opportunity in a drug-dealing business. But probing by e-activism blog,, seemed to unco... read more»

London hospital to treat internet-addicted teens
(from The Age - Australia at 19-3-2010)
Teenagers who cannot tear themselves away from the internet, computer games or their mobile phone can get help from a new addiction service, a spokeswoman said Thursday. A private London hospital has launched Britain's first dedicated technology addiction service for what it dubbed "screenagers", after parents complained their children were flying into a rage when told to turn off their computer.... read more»

Five doomsday scenarios for IT apocalypse
(from TechWorld at 19-3-2010)
Technology drives just about everything we do, and not just at our jobs. From banks to hospitals to the systems that keep the juice flowing to our homes, we are almost entirely dependent on tech. More and more of these systems are interconnected, and many of them are vulnerable. We see it almost every day. Heck, what if God decided she'd had enough of us and decided to send a solar storm our way? If you think these things can't happen, think again. Some already have occurred on a smaller scal... read more»

Spammers survive botnet shutdowns
(from BBC at 19-3-2010)
Spam levels have not been dented by a series of strikes against controllers of networks of hijacked computers. Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems. The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts.And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.... read more»

uTest "Battle of the TV Networks" Uncovers Nearly 1,000 Bugs in Web and Mobile Apps of NBC, CBS, Fox and ABC
(from Marketwire at 19-3-2010)
uTest, the world's largest software testing marketplace, today announced the results of its TV Networks Bug Battle competition. More than 500 uTesters from 30 countries around the world participated in the quarterly competition, reporting a total of 908 technical, functional and GUI bugs in the web and mobile apps of NBC, CBS, Fox and ABC. The uTest community of software professionals also ranked the TV Networks for best video quality, usability, community features and TV content & shows. NBC... read more»

Lessons learned at RSA Conferences
(from Net-Security at 19-3-2010)
In this video, Philippe Courtot, the Chairman and CEO of Qualys, offers insight into the past and present of the RSA Conference. He talks about how it has been growing and how it became the key information security event in the world. He mentions hot topics over the years and focuses on news from this year's edition of the event - especially on cloud computing and related challenges.... read more»

Singapore's biggest forum, Hardwarezone Forums, gets hacked (friendly)
(from CNet at 19-3-2010)
I don't know what's official, but I haven't seen a forum even remotely as large as Hardwarezone's forums in Singapore, largely due to the EDMW chit chat section which sees HUGE, HUGE million-scale pageviews daily. Hardwarezone was set up by a bunch of kids who sold the whole thing to SPH Magazines a couple of years back. Hardwarezone has seen its fair share of action, including defamation litigation, in the past. Since then, it has been trying to keep its head clean, projecting a big company ... read more»

NIST Special Publication 800-128 - Guide for Security Configuration Management of Information Systems
(from NIST at 19-3-2010)
Compliance with NIST Standards and Guidelines In accordance with the provisions of FISMA,1 the Secretary of Commerce shall, on the basis of standards and guidelines developed by NIST, prescribe standards and guidelines pertaining to federal information systems. The Secretary shall make standards compulsory and binding to the extent determined necessary by the Secretary to improve the efficiency of operation or security of federal information systems. Standards prescribed shall include informa... read more»

Google and the Cold War that businesses must play
(from whythawkratings at 19-3-2010)
Countries, aware of the value of strategic technologies in telecommunications, infrastructure and energy distribution, kept them locked tight and close. Governments spied on governments and hardly ever took the trouble to systematically infiltrate and spy on companies unless they were closely aligned with military objectives. Until now. With the end of the Cold War in 1991 came a general relaxation. Previously rigid industries became deregulated and there was an explosion of technological ... read more»

Companies Pursuing M&A in China Frequently Hacker Targets
(from nerdtwilight at 19-3-2010)
Published online on February 10, the article reported that the hack attacks that hit Google, Adobe, and other U.S. organizations were continuing and had affected far more companies than the original 20 or 30 victims reported by Google and others. The provocative comment comes later in the article, however. It is provided by Kevin Mandia, CEO of forensics firm Mandiant. In discussing the origins of the Operation Aurora malware and the advanced persistent threats (APTs) it unleashed, Mandia sai... read more»

Activist: China trying to silence critics
(from CNN at 19-3-2010)
Leading Chinese activist and artist Ai Weiwei declared that China's government has no humanity -- and that the Communist Party is trying to silence anyone who disagrees with it. "They crack down on everybody who has different opinions -- not even different opinions, just different attitudes," Ai told CNN's Christiane Amanpour in an exclusive interview on Tuesday. "Simply to have different opinions can cost (dissidents) their life; they can be put in jail, can be silenced, and can be disapp... read more»

Chinese partners warn Google to sort itself out
(from theInquirer at 19-3-2010)
CHINESE COMPANIES selling ad space on Google's search pages in the glorious Peoples Republic have demanded that it needs to sort out whether it's staying in China, or else. According to Reuters, Google has received and is reviewing a letter from angry partners that are becoming annoyed with the search giant for not making a firm decision on what it is actually going to do.... read more»

GPS Jammers Illegal, Dangerous, and Very Easy to Buy
(from FOXNews at 19-3-2010)
An electronic device small enough to fit in a shirt pocket and big enough to conceivably bring down an airplane can be easily purchased over the Internet. All a terrorist needs is a credit card and $49. With car thieves in the United Kingdom using GPS jammers to aid their getaways, experts say it's only a matter of time until crooks -- and, ominously, terrorists -- in the United States catch on.... read more»

Blank Plastic - Cases where criminals have gained access credit card numbers via keyloggers, skimmers or online hacks
(from F-Secure at 18-3-2010)
We regularily learn of cases where criminals have gained access credit card numbers via keyloggers, skimmers or online hacks. Once they have card numbers, they basically have three ways to turn the credit card numbers into cash: * Sell them * Make fraudulent purchases on them * Create real-world cards out of them To create real-world cards, you need blank cards to start with. These are known in the underground as "blank plastic".... read more»

International Workshop Endorses Principles of Security Incident Response for Africa
(from PrWeb at 18-3-2010)
As Internet deployment and use rates in Africa continue to grow, there must be a corresponding growth in the ability of network operators, governments and businesses to respond to computer security incidents of all kinds. In a coordinated effort to create and develop incident response teams in the region, the non-profit Forum of Incident Response and Security Teams (FIRST) and ICANN held a joint four-day cyber-security workshop aimed at Africa, in conjunction with the 37th ICANN meeting in Nairo... read more»

Lords 'shocked' by lack of cyber security cooperation
(from itpro at 18-3-2010)
The UK is well-placed to handle a cyber attack, but more cooperation is needed between NATO and the European Union on the globally important issue. This is according to a report from the House of Lords, which examined how well the UK and the rest of the EU would hold up against a criminal or politically-minded attack. "We are conscious that cyber-attacks, or natural or man-made disasters, can cause acute disruption to the internet in the short term," the report said.... read more»

Weak states leave EU open to cyberattack
(from TechWorld at 18-3-2010)
EU states need to work far more closely with one another to have any chance of fending off the sort of cyberattacks that caused huge problems for Estonia in 2007, a House of Lords report has said. According to the Protecting Europe against large-scale cyber-attacks report, the Estonian cyberwar of April that year was the model of the sort of attacks that were likely to hit the EU in the next few years, featuring a highly-connected society dependant on the Internet that also lacks adequate def... read more»

UK internet security rated among Europe's best
(from ZDNet at 18-3-2010)
Internet security around the UK's critical national infrastructure is among the best in Europe, a House of Lords committee has found. Essential UK utilities, banking and government systems are "reasonably well-placed" to cope with disruptions from cyberattacks and natural disasters, the Lords European Union committee said in a report on Tuesday. However, vulnerabilities in systems in other EU member states and European internet infrastructure could have an unforeseeable knock-on effect on ... read more»

Lords Demand NATO, EU Cooperate On Cyber Security
(from eweekeurope at 18-3-2010)
The lack of cooperation between the EU and NATO on cyber security issues is leaving member states vulnerable to “potentially catastrophic” cyber attacks, according to a new report by the House of Lords. The report examines how European states and their major organisations can defend themselves and their critical information infrastructures against large-scale cyber attacks, as well as assessing what level of EU intervention is appropriate.... read more»

RSA Reveals Zeus Trojan Cyber-Crime Infrastructure
(from eweekeurope at 18-3-2010)
Researchers in EMC’s RSA security division have uncovered an extensive infrastructure propping up the attackers behind the Zeus Trojan. The findings reflect part of the reason the disruption of Troyak-AS on 9 March only caused Zeus traffic to slow, as opposed to stopping it in its tracks. Troyak is just one part of a larger cyber-crime infrastructure helping to provide “bulletproof” hosting to attackers. “In light of our findings, AS-Troyak appears to be a piece in an intricate puzzle of n... read more»

Opinion: When security fails, who are you going to fire?
(from ComputerWorld at 18-3-2010)
Two recent unrelated news stories struck me as indicative of a fundamental problem with IT security: We seem to favor looking at symptoms over finding the root cause of problems. The first story was nearly comical for the effort that was expended to pin blame. Back in December, the Conficker virus infected 3,000 computers on the network of the Waikato District Health Board, which encompasses all of the hospitals in a district that accounts for 10% of New Zealand's population. Officials claime... read more»

Social networks shrug off FTC privacy concerns
(from v3 at 18-3-2010)
Web giants Facebook and Google have defended their social networking services after it was reported that a senior US regulator said she was concerned about the lack of protection consumer data is given in the cloud. Pamela Jones Harbour, one of five Federal Trade Commission (FTC) commissioners, said internet firms need to improve the encryption technology they use to protect the data held by online applications, according to widespread reports yesterday.... read more»

It does not take a village -- or a country
(from ComputerWorld at 18-3-2010)
Ex-National Security Agency Director Mike McConnell wants to re-engineer the Internet (and make itdictator-friendly) because the United States is fighting a cyberwar against hostile governments, or so he implies. It is far from clear that he understands who the real enemy is in the cyberwar, assuming we are engaged in one. McConnell writes in a recent Washington Post article that: "The United States is fighting a cyber-war today, and we are losing. It's that simple. As the most wired natio... read more»

Should major ISPs join the fight against botnets?
(from Net-Security at 18-3-2010)
The recent "de-peering" of the AS-Troyak ISP and its consequent struggle (and relative success) to reconnect to the Internet has put into the spotlight the tangled web of connections and C&Cs that is one of the main reasons why botnets are so hard to disrupt permanently. By incorporating an amazing amount of redundancy into their network, the bot masters are able to regroup and reroute their connections - when some go down, other are ready to take their place. This recent takedown also proved... read more»

Facebook hit by password stealing hack
(from federalnewsradio at 18-3-2010)
Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Jane Norris (6-10 a.m.) and The Daily Debrief with Chris Dorobek and Amy Morris (3-7 p.m.). Listen live at or on the radio at 1500 and 820 AM in the Washington, D.C. metro area. * If you get an e-mail that looks like it's from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. CNet reports McAfee warned... read more»

Sheerness man Alan Hannaby jailed after discovery of indecent images
(from kentonline at 18-3-2010)
A Kent man has been jailed after admitting a series of offences including distributing indecent images of children at the worst level. Alan Hannaby, 51, of Sheerness, was sentenced to three-and-half years in jail at Maidstone Crown Court on Wednesday, after pleading guity to 20 offences, broken down into 10 offences of distributing indecent images of children and 10 offences of making indecent images of children. Police had raided his home on Ranelagh Road on December 22, 2008, when he was... read more»

“Joint forces will conduct globally-ranging cyber warfare,” says USJFCOM
(from thenewnewinternet at 18-3-2010)
Yesterday, the U.S. Joint Forces Command released the Joint Operating Environment 2010 report. The report details the future nature of the operational environment and how it will influence the function and structure of the joint force. Within the cyber realm, the report sees the continuation of the rapid developments in technology, improving the capabilities of the Joint Force. “Joint forces will conduct globally-ranging cyber warfare, either as independent operations or in support of deploye... read more»

Users Rejecting Security Advice Considered Rational
(from Slashdot at 18-3-2010)
Researchers have different ideas as to why people fail to use security measures. Some feel that regardless of what happens, users will only do the minimum required. Others believe security tasks are rejected because users consider them to be a pain. A third group maintains user education is not working. [Microsoft Research's Cormac] Herley offers a different viewpoint. He contends that user rejection of security advice is based entirely on the economics of the process.... read more»

Web sites that can take a punch
(from Physorg at 18-3-2010)
MIT researchers have developed a system to keep web servers — or, for that matter, any Internet-connected computers — running even when they’re under attack. The work was funded largely by the U.S. Defense Department’s Defense Advanced Research Projects Agency (DARPA), and in a pair of tests whose thoroughness is unusual in academia, DARPA hired a group of computer security professionals outside MIT to try to bring down a test network protected by the new system. In both tests, says Martin Rinar... read more»

Major ISPs can remove botnets, malware, CISO says
(from TechTarget at 18-3-2010)
Internet service providers have the ability to wipe nearly all malicious activity in their network without stepping on individual privacy and civil liberties, said Adam Rice, chief security officer at Mumbai-based Tata Communications Ltd., India's largest ISP which conducts operations in 80 countries. Rice said most tier-1 ISPs focus on tangible threats when conducting risk assessments, such as natural disasters, which can disrupt service, while botnet herders and other cybercriminals are a jugg... read more»

Rockefeller, Snowe Revise Cybersecurity Bill
(from govinfosecurity at 18-3-2010)
Sens. Jay Rockefeller and Olympia Snowe on Wednesday issued the latest draft of their cybersecurity bill that lays out the steps by which the president, in collaboration with the private owners of the nation's critical IT infrastructure, could halt Internet traffic in a declared national emergency. A summary of the legislation that accompanied the draft bill makes it clear that the proposed law does not grant the president any additional authority, and requires the administration and business... read more»

Activists turn 'hacktivists' on the web
(from BBC at 18-3-2010)
Among activists who hack to make a point, some stay firmly on the right side of the law but others push the idea of civil disobedience to the limits. Whatever the Chaos Computer Club's name suggests, Europe's largest hacker group is not intent on bedlam. For CCC member Frank Rieger, the word hacking - the process of reconfiguring or reprogramming a system to do things that its inventor never intended - needs to be reclaimed, and stripped of negative connotations.... read more»

Are we risking an Internet arms race
(from Itbusiness at 18-3-2010)
As speculation mounts that executives from Google Inc. are talking about leaving China over hacking allegations and censorship, some Canadian experts are concerned Internet freedom may be taking a back seat to security. “There is really this vast underbelly of malware and espionage that started out very much criminal in nature, is now morphing into political espionage," said Ronald Deibert, a political science professor at the University of Toronto and director of the Citizen Lab at the Munk... read more»

How to keep cyber attacks at bay
(from rediff at 18-3-2010)
Combating cyber attacks successfully is serious business. It cannot be achieved with sporadic knee jerk reactions or frequent band aid patches. The strategy has to be long term with sound basics in place. India has been at the receiving end of these cyber attacks because there is no formulated national policy on how to take on these attacks and each day brings a new surprise of a new victim. ... read more»

The Cyber War Has Not Begun
(from CSIS at 18-3-2010)
Expanded attention to cybersecurity is a good thing, but it seems that it is difficult to discuss this topic without exaggeration. We are not in a 'cyberwar'. War is the use of military force to attack another nation and damage or destroy its capability and will to resist. Cyber war would involve an effort by another nation or a politically motivated group to use cyber attacks to attain political ends. No nation has launched a cyber attack or cyber war against the United States.... read more»

An Assessment on the Cyber Threat
(from ctovision at 18-3-2010)
How would you describe the threat to the US information infrastructure? If you are a technologist or a national security expert or both I hope you would use your background and experience and expertice and produced a fused-all source assessment based on facts. But it is also ok to cite the masters, folks who really know what they are talking about and are paid to produce the most accurate possible reports.... read more»

Antivirus software poor against top three Trojans, says Trusteer
(from Computer Weekly at 18-3-2010)
Only 14 out of 42 antivirus engines tested detected the Zeus Trojan. The second most active Trojan, Silon, was detected by only Trend Micro's antivirus engine, and Yaludle, the third most prevalent Trojan, was picked up by only FSecure and Panda Software. Analysis revealed that most of the attacks were associated with the Zeus trojan. Zeus topped the list, being responsible for 65% of incidents, followed by Silon (25%) and Yaludle (10%).... read more»

Compliance-based security risky, says SecureWorks
(from Computer Weekly at 18-3-2010)
Proactive companies that do not have the required skills in-house are engaging with third-party experts rather than waiting until after an attack to call in the help they need to optimise their defence strategy, he said. A good place to start, said Ramsey, would be to identify an organisation's key information assets and then look at the various ways criminals could target those assets to determine the best way of protecting them. "Organisations that do not know what they need to protect a... read more»

Government censorship is hurting Chinese web businesses, says Tencent
(from Computer Weekly at 18-3-2010)
The Chinese government's censorship of the internet and text messaging is starting to hurt the development of its own internet businesses, according to the CEO of Tencent, China's most successful internet company. Tencent also complained about the Chinese government's surprise decision to stop mobile operators from letting customers buy goods on their mobile accounts. This had and would continue to hurt sales, it said.... read more»

The New Disclosure Debate and the Evil Mr. Moore
(from vrt-sourcefire at 18-3-2010)
So, let's pretend you are Rob, Mr. Head of IT, and that you are sitting in your office on March 9th, working on your fantasy baseball (I hear Albert Pujols is the way to go...) when one of your staff walks in and says that Microsoft has another 0-day running around. Internet Explorer 6 & 7 are vulnerable to a condition where invalid pointer that is accessed after an object is deleted. Putting on your best manager hat, you ask the hard question: "OK, what do we know?"... read more»

Cyber-threats are not strictly for money and are certainly not all commercial
(from SecurityPark at 18-3-2010)
This is not entirely a bad thing. Unless you’ve been living under a rock, everyone knows that technology has created unimaginable opportunity for resourceful crooks. The pitfall is in our myopia. We’ve become so obsessed with cyber-crime – a “petty” offense in the grand scheme of things – that we’ve overlooked the bigger picture. A recent New York Times article reminded us of a conspicuously under-reported digital security threat: Cyber-Terrorism. Dennis Blair, the Director of National Intell... read more»

Why do people bring child abuse images to the office?
(from netclean at 18-3-2010)
The initial question is actually: “Do people really bring child abuse images to the office?” The answer is sadly that it happens more often than you might think. According to an article in The Prosecutor magazine in Sweden in 2007, most of the findings of child abuse images are on company computers. According to the Child Exploitation & Online Protection Centre (CEOP) in the UK, a typical person caught with child abuse images is a 38-year old man – 66% had no previous criminal record, and 44%... read more»

Google Italy & Privacy: Not What You Might Think
(from Stanford at 18-3-2010)
Reading through Italian news coverage of the Google Italy case, another picture emerges. User privacy may well be at issue, but not in the way you probably think. I grew up in Italy and now research and teach Internet law in the United States. When I heard about the verdict against three Google executives, one of them an alumnus of the law school where I work, I went first to American sources, then to Italian ones. What I found was that most Americans may be getting the basic facts and ideas... read more»

The Challenge for Small and Medium Enterprises
(from BitPipe at 18-3-2010)
One hour a week. That’s how much time the typical small and medium business devotes to its information security. In survey after survey in customer focus groups and interviews, that’s what small and medium business customers are telling us. Meanwhile, these customers are under daily attack from an ever-growing list of information security threats. There are more new viruses and malware created each day, and most email sent today is spam. Loss of confidential data, personal identity numbers, ... read more»

18- to 24-year-olds most at risk for ID theft, survey finds
(from washingtonpost at 18-3-2010)
Ryan Thomas, an airman in the Air Force Honor Guard, bought some DVDs on the Internet using his debit card. It was a $20 payment made from his account, which had about $900. But the following day, his account balance was zero. Someone had stolen his account information and bought computer games and other items.... read more»

Irate Aussies go after US website
(from The Register at 18-3-2010)
The owner of a US website accused of breaking Australian law by the Australian Human Rights Commission has told them to rack right off. Encyclopaedia Dramatica is a tasteless collection of articles along the lines of Sickipedia or Something Awful. ED is refusing to bow to demands from the AHRC that it remove an article about aborigines. The AHRC letter accuses the site's largest shareholder, Joseph Evers, of breaching the Australian Racial Discrimination Act. It said it had received 20 compla... read more»

Privileged User Breaches Can Be Avoided
(from ca at 18-3-2010)
As reported in Dark Reading, the recent indictment of a former TSA employee is continued proof that the need to control privileged users remains paramount. The employee, Douglas James Duchack, was terminated and in the two weeks following his notice he allegedly put malware code on a database server in an intentional attempt to compromise the computer and database. The need to control privileged users and what they can (and cannot do) as well as monitor their activities is something all org... read more»

Hackers offered $100,000 for browser and phone exploits
(from TechWorld at 18-3-2010)
Security company 3Com TippingPoint has jacked up to $100,000 (£65,000) the prize money on offer to anyone able to hack a range of browsers and mobile devices at the forthcoming CanSecWest security conference. Running for the fourth year at the event, $40,000 of the Pwn2Own contest pot will be on offer to entrants that successfully exploit security vulnerabilities to compromise the top four browsers, Internet Explorer, Mozilla Firefox, Google Chrome, and Safari, equivalent to $10,000 per brows... read more»

Google's Chinese partners request urgent clarification
(from v3 at 18-3-2010)
Twenty-seven Chinese companies that sell Google ads in the region have sent an open letter to the web giant asking it to clarify its future in the country, and demanding compensation if it decides to pull out. In a translation of the letter by the Wall Street Journal (WSJ), the firms claim Google’s continued stand-off with the Chinese government is hurting their businesses, with investors and employees becomingly increasingly worried over their future.... read more»

Estonia Defense Minister: Cyberattacks Will Grow
(from CIO at 18-3-2010)
Three years after a widespread cyberattack temporarily shut down the Estonian economy, Estonia's defense minister said such incidents will only continue to grow. The 2007 Estonian incident came at a time when Russian nationalists had taken to the streets in protest over the government's decision to move a Soviet war memorial. The goal of the cyberattack was to undermine the credibility of Estonia's government, said the country's defense minister, Jaak Aaviksoo, speaking at the IT Security Ent... read more»

VA faces major hurdles to comply with FISMA, audit finds
(from Federal Computer Week at 18-3-2010)
Despite a major improvement in cybersecurity, the Veterans Affairs Department still has “significant” obstacles to overcome to meet federal cybersecurity standards, according to a new report released by the VA’s Office of Inspector General. According to a summary of the report, the VA “continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program. In order to better achieve the FISMA objectives, the depa... read more»

Cyber attack brought down national election website
(from Colombia Reports at 18-3-2010)
Arolen S.A., a firm contracted by private telecommunications company UNE to provide technical services for the recent congressional elections, blamed a cyber attack for downing the national elections webpage of the National Registry. The National Registry's website and the website publishing the election results were down for most of Sunday and Monday, restricting the public's access to up-to-date election information. According to Arolen's General Director, Ivan Ribon, the website's failu... read more»

Revised cybersecurity bill introduced in Senate
(from ComputerWorld at 18-3-2010)
A revised version of a cybersecurity bill first proposed last year was introduced again in the U.S. Senate today, notably without a controversial provision that would have given the President authority to disconnect networks from the Internet during a national emergency. The bill, called the Cybersecurity Act, is sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). It seeks to improve national cybersecurity preparedness by fostering a closer collaboration between the g... read more»

Malware found on another HTC Magic smartphone
(from NetworkWorld at 18-3-2010)
Traces of the now defunct Mariposa botnet has been found on another HTC Magic from Vodafone in Spain, security company Panda wrote in a blog post on Wednesday. The malware was once again found on the SD card that shipped with the Android-based smartphone.... read more»

Lords call for greater EU/Nato cyber security cooperation
(from v3 at 18-3-2010)
The House of Lords has called on the EU and Nato to urgently review their lack of cooperation on cyber security and put future attempts at working together on a more formal basis. A new report from The House of Lords European Union Committee published today looks at the role the EU can play in helping the UK and other Member States to prevent and detect cyber-attacks.However, the Committee said it was shocked by the lack of cooperation between the EU and Nato on cyber security matters, noting... read more»

Twitter hit by site outage
(from ComputerWorld at 18-3-2010)
Users of popular micro-blogging service Twitter have been unable to access the site since just after 3am GMT Wednesday (11pm EDT/8pm PDT Tuesday). "We’re investigating a general site outage since about 8:03pm PDT," Twitter said on its status page. Visitors to the site are being greeted with the "Fail Whale," an illustration of a whale used by Twitter to signify the site is over capacity, or a message advising a technical fault.... read more»

Email scam targets Facebook users
(from The Sydney Morning Herald at 18-3-2010)
Computer hackers are targeting Facebook users with an email scam that attempts to steal their passwords, web security firm McAfee said. McAfee said some users of the world's most popular social networking site were receiving emails that appeared to be from Facebook informing them their Facebook password had been reset and to click on an attachment to retrieve it.The security firm said the attachment is actually a "password stealer" that is installed when a user clicks on it and can potentiall... read more»

Child pxxx, drugs lead Internet content complaints in Japan
(from ComputerWorld at 18-3-2010)
Complaints to a Japanese Internet watchdog regarding illegal content almost doubled in 2009, led by a surge in reports related to child pornography and illegal drugs. The Internet Hotline Center received 27,751 reports of illegal content, which is a jump of 95 percent on 2008, the country's National Police Agency (NPA) said on Wednesday. Just over half the complaints concerned pornography, a jump of 81 percent on the year earlier, with those related to dating Web sites, bank account phishi... read more»

Police investigate 'boy for sale' Web ad
(from United Press International at 18-3-2010)
U.S. authorities say they are trying to determine whether an Internet ad offering a 4-year-old boy "for sale" for $5,000 was a hoax or something more sinister. The author of the Spokane, Wash., posting on Craigslist offering the child, Gavin, allegedly claimed to be his father, The (Spokane) Spokesman-Review reported Wednesday. The ad was posted Feb. 27.The ad's author, identifying himself as Rick Obelophy, said the boy was a "great kid" who loved "basketball, football and soccer but doesn't ... read more»

Hackers attacked Colombian vote count
(from Yahoo at 18-3-2010)
Unidentified hackers struck the computerized system used to transmit voting data in Colombia's legislative elections, disrupting the vote count, the private contractor responsible for the system charged Wednesday. Ivan Ribon, spokesman for Arolen, a company hired to transmit results of Sunday's voting over the Internet, told local media Wednesday that hackers struck at the moment polls closed at 2100 GMT. "Early reviews show that there were 75,000 hits a second, which does not happen even on ... read more»

Google is building a private Internet that's far better, and greener, than the Internet
(from ZDNet at 18-3-2010)
The Internet is huge but it’s a hodgepodge of hundreds of thousands of smaller, private networks, connected through thousands of Internet Service Providers (ISPs) and dozens of backbones operated by the large Telcos and service providers. Moving data from one end of the Internet to the other can mean traveling across many different computers and different networks. Some of these computers and networks are old and inefficient while some are modern and very efficient.... read more»

Dissecting a health care IT failure
(from ZDNet at 18-3-2010)
Most writing on IT failures focuses on either detailed technical problems or high-level strategy and project management issues. As a result, we do not always see clear connections between strategy, culture, technology oversight, and failure. A new Cutter Consortium report by IT failures expert and author, Phil Simon, fills this gap by taking a deep analytical dive into an IT failure at a major hospital system. Cutter is currently making the lengthy report, titled How Not to Run an IT Project:... read more»

Facebook traps Italian fugitive mafia suspect
(from BBC at 18-3-2010)
Italian police have used social networking site Facebook to track down and capture one of the country's most-wanted fugitive mafia suspects. Pasquale Manfredi, accused of being one of the top figures in the 'Ndrangheta mafia, was found in Calabria. The 33-year-old, who faces charges of murder, mafia association and drugs trafficking, was traced via his network of Facebook contacts. Reports suggest he called himself Scarface, after the film character.... read more»

Hacker Disables More Than 100 Cars Remotely
(from Wired at 18-3-2010)
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments. Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four... read more»

AS-Troyak Exposes a Large Cybercrime Infrastructure
(from RSA at 18-3-2010)
Last week, RSA and other security professionals noticed a sudden halt in the activity of an upstream Internet connectivity provider named “AS-Troyak”, thus causing several major malware-hosting networks to disconnect from the Internet. Further investigation proved that AS-Troyak is merely one part of a larger cybercrime infrastructure providing “bulletproof” hosting to malicious content perpetrators. The RSA Anti-Fraud Command Center (AFCC) and RSA FraudAction Research Labs have been investig... read more»

Online fraud shows no signs of slowing
(from v3 at 18-3-2010)
Online fraud is continuing to prove a major headache for e-commerce firms and banks, with 11 per cent of the online UK population falling victim in the past 12 months, according to new research from VeriSign. The secure web authentication firm’s biannual Online Fraud Barometer report estimated that average loss for individuals totaled £352, with 12 per cent of victims still waiting to be fully reimbursed for the money they lost.... read more»

Google may keep Chinese web services alive
(from Times Online at 18-3-2010)
Google is considering a plan to keep many of its operations in China, even though it is resigned to closing its flagship search engine over a censorship dispute with the Chinese authorities. The company could keep operating its Beijing research and development centre, advertising sales offices and mobile phone and browser businesses. Some Google web services may survive, including its Chinese music search business and the popular Chinese version of its knowledge market site, Google Answers.... read more»

Gartner: Virtualization security will take time
(from scmagazineus at 18-3-2010)
In five years, virtualized systems likely will be more secure than their physical counterparts, but until then, it will be rough sledding for organizations transitioning to the new technology, according to a new report from Gartner. Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace, revealed the findings, released Monday. The analyst firm blamed the stumbling on organizations' failure to involve the IT security team in its deployment pr... read more»

Ex-auditor Jeremy Colman in court over images
(from BBC at 18-3-2010)
The former Auditor General for Wales Jeremy Colman has appeared before magistrates in Cardiff to face 14 child pornography charges. Mr Colman, 61, is charged with making and possessing 429 images, of which 126 were of a more serious "level four". He also faces one charge of failing to disclose a key to protected information. He did not enter a plea. Mr Colman spoke in court only to confirm his name and address and was released on bail. The conditions of his bail are that he does not attend Wa... read more»

Guest Post: Reaction to Cyber Shockwave
(from Secure Thinking at 18-3-2010)
Last month, I posted a story called “Reaction to Cyber Shockwave” on my TaoSecurity Blog. Cyber Shockwave was a real-time simulation of a U.S. National Security Council meeting, where former government, military and national security officials acted as the NSC principals (National Security Advisor, Director of National Intelligence, Attorney General, and so on). The participants dealt with a malware outbreak that disrupted telecommunications and critical infrastructure. CNN recorded and then ... read more»

Madoff geeks charged for writing book-cooking code
(from The Register at 18-3-2010)
A federal grand jury has indicted two computer programmers on fraud and conspiracy charges for developing programs used by Bernard Madoff to cook the books in his billion-dollar ponzi scheme. Jerome O'Hara and George Perez knowingly created the programs that removed or altered key data contained in reports submitted to regulators in the United States and Europe, according to the indictment filed Wednesday in US District Court in Manhattan. Among other things, their code contained algorithms t... read more»

Court: State Can Dump Non-Sex Offenders Into Registry
(from Wired at 18-3-2010)
Georgia’s Supreme Court is upholding the government’s right to put non-sex offenders on the state’s sex-offender registry, highlighting a little-noticed (but growing) nationwide practice. Atlanta criminal defense attorney Ann Marie Fitz estimated that perhaps thousands of convicts convicted of non-sexual crimes have been placed in sex-offender databases. Fitz represents a convict who was charged with false imprisonment when he was 18 for briefly detaining a 17-year-old girl during a soured dr... read more»

Health records compromised
(from calgary sun at 18-3-2010)
Alberta’s privacy commissioner has launched an investigation into the potential compromise of thousands of patient files at a northeast medical clinic. The University of Calgary Sunridge Medical Clinic at 3465 26 Ave. N.E. has sent letters to more than 4,700 patients informing them their personal information may have been accessed by unauthorized parties after two viruses infected one of the clinic’s computers. The computer affected was used to store copies of faxes -potentially including tes... read more»

Google fails to renew Chinese licence as advertisers cry foul
(from The Age - Australia at 18-3-2010)
Google appears to have missed a Monday deadline to re-register as an ''internet content provider'' in China, which observers say is a sign that it is preparing to shut down its search engine there. Meanwhile a group of 27 Chinese advertising agencies have sent Google a letter calling for talks over compensation for possible business losses if the internet giant pulls out of the country and advertisers have advised clients to start transferring contracts to rivals.... read more»

Medicare data breaches increase privacy fears
(from theaustralian at 18-3-2010)
MEDICARE Australia dealt with 234 serious data privacy breaches by employees in 2007-08, but 160 of these resulted in only an emailed warning or counselling. In the three years from November 2006 until December last year, 569 staff were identified as having "unauthorised access" to client records held by the agency. Contrary to recent Medicare claims that most of the unauthorised access related to staff accessing their own records, only 171 out of the 569 investigated were in that category... read more»

Racists and Terrorists Increasingly Using Social Networking Sites
(from hsdl at 18-3-2010)
The Simon Wiesenthal Center issued a new report that found that racists and terrorists are increasingly using online social networks as a means to disseminate their "digital terror and hate speech," and relying less on traditional websites. According to the report, there has been "a 20 percent increase in the number of hate and terrorist-abetting Web sites, social network pages, chat forums and micro-bloggers over the last year, to a total of 11,500." This report "is intended as a 'collecti... read more»

Live Data In Test Environments Is Alive And Well -- And Dangerous
(from DarkReading at 18-3-2010)
Those charged with the care and feeding of database information stores, beware: A new statistic tucked into a comprehensive study of financial services firms' data protection policies shows that even at the most security-aware organizations, application developers still use live data in their development and test environments. The study, released earlier this month by the Ponemon Institute and commissioned by Compuware, showed that among 80 very large financial organizations, 83 percent use l... read more»

Cyber crime losses in US almost 'double' during 2009
(from BBC at 18-3-2010)
US losses to online crime almost doubled during 2009, reveals a report. Losses totalled $560m (£371m) in 2009, up from $265m (£176m) in 2008, showed the annual report by the Internet Crime Complaint Center (IC3). Complaints about online fraud grew 22% during 2009 and the IC3 received more than 336,655 reports of high-tech crime incidents from victims.... read more»

Hackers Lurking in Hotel Networks
(from infosecisland at 18-3-2010)
Many frequent business travelers spend almost as many nights sleeping in hotels as they do in their own beds. The need to stay productive when you’re on the road means that travelers must rely on whatever means available to stay connected, even if it’s an unprotected hotel wireless network. It’s not uncommon for even tech-savvy road warriors who pack their own EV-DO modems to simply hop on the hotel’s network instead of using up their precious bandwidth allotment for the month.... read more»

DNSSEC Moving Ahead at .Org and ICANN
(from enterprisenetworkingplanet at 18-3-2010)
The march to secure the Internet's core DNS (define) infrastructure with DNSSEC (define) is moving forward. Since at least the summer of 2008, when security researcher Dan Kaminksy disclosed a critical vulnerability in DNS, the global Internet domain routing ecosystem has been moving to implement DNSSEC, which provides is a digitally signed mechanism to authenticate the integrity of DNS information, secure the system and prevent attacks. Among the first generic Top Level Domains (gTLD) to ... read more»

Prof warns of arms race on the Web
(from ITWorldCanada at 18-3-2010)
As speculation mounts that executives from Google Inc. are talking about leaving China over hacking allegations and censorship, some Canadian experts are concerned Internet freedom may be taking a back seat to security. “There is really this vast underbelly of malware and espionage that started out very much criminal in nature, is now morphing into political espionage," said Ronald Deibert, a political science professor at the University of Toronto and director of the Citizen Lab at the Munk... read more»

Soca tackles cybercrime at domain level
(from hostexploit at 18-3-2010)
Lax domain registration processes are making it easier for criminals to operate online, according to the UK's Serious Organised Crime Agency. The British law enforcement agency is talking to Icann — the organization that coordinates the internet's naming system — and several regional internet registries, including Ripe, to persuade them to tighten up their procedures for authenticating applicants for domain registration and IP address-block allocation.... read more»

Survey: Disaster recovery a bigger priority than data security
(from hostexploit at 18-3-2010)
Despite the ever increasing threat of cyber attacks and hackers, business leaders who recently took part in a Honeywell-sponsored survey say that disaster recovery planning and preparedness are a bigger priority than securing their networks. Of the more than 400 corporate executives who took part in the survey entitled, “2009-2010 Preparedness, Security and Crisis Communications,” 55 percent said a pandemic was the biggest threat to their organization. Natural disaster was ranked second by ex... read more»

Google Attacks Highlight Growing Problem of Cyber Security Threats
(from Voanews at 17-3-2010)
Internet search-engine-giant Google's disclosure it was the target of a highly sophisticated cyber attack has brought renewed attention to the growing problem of cyber security threats. In this first report of a three part series on cyber security and Internet freedom, VOA looks at the problem of how to counter threats in cyber space. The freedom to connect Modern technology is increasingly becoming a part of everyone's everyday life. We use the latest gadgets and Internet connections to... read more»

Cybercriminals Target Local Governments
(from FOXNews at 17-3-2010)
A new trend has local governments on guard: global computer hackers stealing their money. It is happening across the country, local municipalities, town and village governments, school districts and counties becoming victims of cybercrime. The Duanesburg School District in upstate New York was hit, and lost $3 million; the town of Sandwich, Massachusetts, $34,000; Sherwood, Arkansas, about $200,000; and a reported $415,000 from Bullitt County, Kentucky.... read more»

Feds May Send Agents Undercover On Social Networking Sites
(from CRN at 17-3-2010)
Federal law enforcement agencies are considering putting undercover agents on social networking sites like Facebook, Twitter and MySpace for investigative and data gathering purposes, according to a U.S. Department of Justice document. The confidential, 33-page DOJ presentation was obtained by the Electronic Frontier Foundation (EFF), a digital rights advocacy group, which made it public Tuesday. The document was prepared by the DOJ's Computer Crime & Intellectual Property Section.... read more»

Washington a capital for cyber criminals
(from washingtonexaminer at 17-3-2010)
Losses to online scams double nationally The District of Columbia has more cyber criminals per capita than anywhere else in the country, according to new study. For every 100,000 people, the District has 116 cyber crime perpetrators, 10 more per capita than second-ranked Nevada, an analysis of 2009 cyber crime complaints released by the Internet Crime Complaint Center said. Maryland ranked 19th with nearly 30 per 100,000 people and Virginia was 28th with 24 per 100,000, The center, a joint... read more»

Google, Yahoo, Microsoft Still Censoring In China
(from nartv at 17-3-2010)
Today MSNBC reported that Google “appears” to have stopped censoring its search engine in China, This is not true. In Search Monitor Project: Toward a Measure of Transparency I tried to carefully document the different censorship practices among Google, Yahoo, Microsoft and Baidu. In short, it is difficult to determine the relationship between queries and censorship, so I focused on domains.... read more»

Zeus Trojan Now Has Hardware Licensing Scheme
(from threatpost at 17-3-2010)
The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and professionalism of malware development, researchers say. Zeus has been making the rounds on the Web for some time now, and it has gone through a number of revisions and upgrades in recent months. Its ... read more»

Disqus for ePayment News