Saturday, May 1, 2010

Internet (Lack of) Security News through 5/1










This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today.

Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.


























































































































































































































































































































































































































Warning: Why your Internet might fail on May 5
(from SecureComputing at 1-5-2010)
Network managers are being urged to run a series of checks on their routers and firewalls to ensure their users will still be able to connect to internet sites in the wake of a major change to the internet's domain name system next week. On May 5, the world's top domain authorities (led by ICANN, the US Government and Verisign) will complete the first phase of the roll-out of DNSSEC (Domain Name System Security Extensions) across the 13 root servers that direct user requests to the relevant w... read more»





Adobe PDF unfixed flaw exploited by hackers
(from TechWorld at 1-5-2010)
Several security companies warned of a major malware campaign that tries to dupe users into opening rigged PDFs that exploit an unpatched design flaw in the format Users who open the attack PDFs are infected with a variant of a Windows worm known as "Auraax" or "Emold," researchers said. The malicious messages masquerade as mail from company system administrators and come with the subject heading of "setting for your mailbox are changed," said Mary Grace Gabriel, a research engineer with C... read more»





How Mine Safety is Like Internet Governance
(from thesecuritypractice at 1-5-2010)
There was a great piece on NPR the other day about the MSHA (Mine Safety and Health Administration) and how their enforcement against unsafe mines has been sorely lacking. One key piece of the story is that essentially the statutory authority granted to the MSHA is to close a mine, or a section of it. They don’t have the power to levy fines for example, or prosecute individuals doing unsafe things. As a result, their main weapon is essentially the nuclear option against a mine operator. Th... read more»





Germany, UK arrests 25 in suspected CO2 tax probe
(from reuters at 1-5-2010)
Britain's HM Revenue and Customs (HMRC) told Reuters it had arrested 8 people in Scotland and 13 more in the rest of the UK after a search of 81 businesses and residential premises. Frankfurt prosecutors made three arrests in Germany and one under a European arrest warrant in Britain, where 50 more individuals were under investigation, said a spokesman for the Frankfurt prosecutors office, which has spearheaded the investigation. The fraud occurs when companies buy carbon permits in one co... read more»





Cyber Crime Unit for Europe?
(from thenewnewinternet at 1-5-2010)
Ministers in Europe are considering establishing a unit that will call for international cooperation to protect nations and citizens from cyber crime and other technology-related problems. At a general affairs council meeting in Luxembourg on April 26, the Council of European Union proposed different strategies to combat crime on the Internet. The council saw the need to ensure a very high level of network security and faster reaction in the event of cyber disruptions or cyber attacks by mean... read more»





CERT-In to serve as national agency for incident response
(from MeriNews at 1-5-2010)
INDIAN COMPUTER Emergency Response Team (CERT-In) is a functional organisation of Department of Information Technology, Ministry of Communications and Information Technology, Government of India, operational since 2004, with the objective of securing Indian cyber space. Now with Information Technology (Amendment) Act, 2008 coming into force from October 27, 2008, the CERT-In is a legal authority under newly inserted Section 70-B of Information Technology Act read with notification published in P... read more»





CyberSecurity Malaysia Cautions People of Phishing Bank Websites
(from spamfighter at 1-5-2010)
CyberSecurity Malaysia have cautioned people to be watchful of fake or phishing websites used to carry out 'phishing attack' by disguising as reliable entities like familiar banking websites. In this particular scam, cybercriminal mainly attempts to convince users to visit falsified banking websites. Usually, Internet users are persuaded by using e-mails that are so well written that users click onto a link which would redirect them to a phishing or fake website. Notably, this latest alert... read more»





Symantec Bets on Data Protection with PGP and GuardianEdge
(from Securosis at 1-5-2010)
Symantec has once again flexed its wallet, and bought a spot in the data protection market. By acquiring PGP Corporation for $300MM and GuardianEdge for $70MM in cash, Symantec basically bought the marketshare lead in endpoint encryption. Whatever that means, since encryption is a number of different markets with distinct buying constituencies and market leaders. We estimate PGP got a multiple of around 4x bookings, and GuardianEdge got between 3-4x as well, which is pretty generous but not ... read more»





Facebook Is the Top Search Term on All Three Major Search Engines
(from Softpedia at 1-5-2010)
Not that there’s anyone doubting that Facebook is the biggest thing online right now, but here’s yet another sign. The number one searched query on all major search engines is now ‘facebook.’ The number three search term: ‘facebook login’ or ‘facebook.com.’ Clearly, Facebook users aren’t exactly tech savvy. Then again, there’s almost 500 million of them worldwide, so nothing should be surprising at this point. “Experian Hitwise announced today that the search term Facebook was the top U.S. se... read more»





The Source of All That Spam Dwells Among Us
(from ITBusinessEdge at 1-5-2010)
We talked about how spam can hurt the company brand. But where is the spam coming from? According to the Microsoft Security Intelligence Report Volume 8, the bulk of the spam infilitrating our mailboxes is generated in the United States. The report found that 27 percent of spam comes from U.S. computers. Korea was next with 6.9 percent. Symantec's MessageLabs April 2010 Intelligence Report said that 90 percent of e-mail received in the United States is spam -- certainly not good news for any... read more»





Kerry McCarthy’s "D’oh" moment
(from cogitodexter at 1-5-2010)
Unlike Gordon’s “d’oh” moment yesterday, which could simply cost him an election, Kerry McCarthy – Labour’s so called ‘twitter tsar’ – decided today to go one better on her boss, at least in terms of personal consequences, and do something that could end up with her having a spell in chokey. Yup, Ms McCarthy decided, upon observing the opening of postal ballots, to publish, via Twitter, approximate results of what she observed. And, in doing so, contravene electoral law which very expressly p... read more»





Sarah Palin Compares Hacking Case to Watergate
(from CBS News at 1-5-2010)
Former Tennessee college student David Kernell was found guilty today of hacking into Sarah Palin's e-mail account during her 2008 campaign for the vice presidency. In a Facebook note today, Palin said the incident raised concerns about "the integrity of our country's political elections." She compared the hacking case to one of the United States' most notorious political scandals: Watergate.... read more»





Police seize Gizmodo's computers in iPhone probe
(from CNet at 1-5-2010)
Police have seized computers and servers belonging to an editor of Gizmodo in an investigation that appears to stem from the gadget blog's purchase of a lost Apple iPhone prototype. Deputies from the San Mateo County Sheriff's office obtained a warrant on Friday and searched Jason Chen's Fremont, Calif., home later that evening, Gizmodo acknowledged on Monday.... read more»





The people involved in sale of lost iPhone revealed
(from CNet at 1-5-2010)
The saga of the lost prototype iPhone started with a 21-year-old Silicon Valley resident who says he regrets not trying harder to find its real owner, according to a published report. Brian J. Hogan, a 21-year-old resident of Redwood City, Calif., is the person who found the iPhone and was paid by Gizmodo, according to a story published on Thursday by Wired.com. Hogan's lawyer issued a statement to Wired and said Hogan was in the bar with friends when another patron handed him the phone af... read more»





iC3 Annual Report on Internet Crime Shows Total Dollar Loss More Than Doubles
(from pindebit at 1-5-2010)
From January 1, 2009 through December 31, 2009, the Internet Crime Complaint Center (IC3) Web site received 336,655 complaint submissions. This was a 22.3% increase as compared to 2008 when 275,284 complaints were received.... read more»





EBAday to Set the Agenda for the European Payments Industry
(from pindebit at 1-5-2010)
An impressive list of board directors, chief financial officers and payments heads from Europe's leading banks have confirmed their participation in the conference programme for the fifth annual EBAday, taking place this year in Luxembourg on 26 and 27 May. Payments professionals from across Europe will gather in Luxembourg in May for two days of intense networking and debate at the fifth annual EBAday forum.... read more»





Chinese Want to See Encryption Info
(from pindebit at 1-5-2010)
The Chinese government is looking to force security vendors to disclose their encryption information based on new regulations that will come into effect on Saturday. The regulations stipulate that companies selling products that fit into one (or more) of six categories must submit their encryption information to a government panel to receive a license to sell to Chinese government agencies. ...read more»





Microsoft's Malware Threat Assessment by Country
(from pindebit at 1-5-2010)
Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Volume 8 of the Security Intelligence Report (SIR v8) covers July 2009 through December 2009. It includes data derived from more than 500 million computers worldwide, each running Windows. It also draws data from some of the busies... read more»





9th Annual Merchant Survey from e-tailing group
(from pindebit at 1-5-2010)
The e-tailing group 9th Annual Merchant Survey: eCommerce is Mission Critical for Retail Today with Investments and Strategies Aligned. An impressive 59% vs. 36% in 2009 are planning to invest somewhat more in e-commerce than they did in 2009 given its essential role for today’s retailers. With a recovering economy and shifting channel priorities, 92% anticipate 2010 Internet revenues to increase over ’09 with significant growth in the 6-15% range; just 8% report a flat or downward trend i... read more»





You Have All Been Unanimously Found Guilty of "Innocence"
(from pindebit at 1-5-2010)
The lifetime "sentence" handed down for your crime? "Don't Type ... Swipe!" Statistics show that the number of unique undetected malicious programs used to steal money from Internet users has been rising exponentially. Remember back in the "old days" when people used think it was safe to type their credit or debit card numbers into boxes at a website retailers checkout page? I used to remember thinking. "Isn't that the equivalent of writing your credit or debit card number down on a pie... read more»





Using Open Source Information
(from lansingbusinessmonthly at 1-5-2010)
Do you know how to use open source information to prepare and better protect your business? Open source information gathering can be a powerful aid in helping a business to prepare accordingly for any type of adversity, whether it is a natural disaster or criminal activity. Between 80 and 90 percent of intelligence information can be legally gathered through public sources.... read more»





Microsoft warns against net neutrality going too far
(from washingtonpost at 1-5-2010)
I dug a bit more today and found some interesting nuggets in Microsoft’s comments about the Federal Communications Commission’s proposed net neutrality rules. The software giant, long a proponent of open Internet policies, isn’t as keen on some portions of a proposed rule by FCC Chairman Julius Genachowski that would restrict any discrimination of Web traffic or applications by broadband access providers such as Comcast, AT&T and Verizon.... read more»





Serious XSS flaw haunts Microsoft SharePoint
(from ZDNet at 30-4-2010)
Microsoft’s security response team has confirmed the existence of a serious cross-site scripting (XSS) vulnerability in the Microsoft SharePoint Server 2007 product. The vulnerability, which can be exploited via the browser, could allow a malicious hacker to execute arbitrary JavaScript code within the vulnerable application. A proof-of-concept exploit has been publicly posted and Microsoft is expected to issue a formal security advisory before the end of this week to offer pre-patch workaro... read more»





IT contractor gets five years for $2M credit union theft
(from ComputerWorld at 30-4-2010)
For the second time this week, companies are getting a stark reminder of the danger posed to enterprise networks and assets by insiders with privileged access. Zeldon Morris, a Provo, Utah computer contractor, was sentenced on Wednesday to more than five years in prison after pleading guilty to stealing close to $2 million from four credit unions that he performed IT services for. Judge Clark Waddoups of the U.S. District Court for the District of Utah also ordered Morris to repay more tha... read more»





Which is the Real ZeuS Botnet?
(from threatpost at 30-4-2010)
Amongst some others the Zeus bot is one of the most prolific bots in the wild and in the media. Lately there has been quite a few reports on the aspects surrounding Zeus, such as new research and the Troyak takedown. Naturally, this is great news. However, awareness is still lacking and the heavy reporting around Zeus is making more people aware of the sophistication of the cyber criminal underground. Unfortunately, In many of the reports there is a recurring incorrectness. These reports talk... read more»





Data collected by Google cars
(from googlepolicyeurope at 30-4-2010)
Over the weekend, there was a lot of talk about exactly what information Google Street View cars collect as they drive our streets. While we have talked about the collection of WiFi data a number of times before--and there have been stories published in the press--we thought a refresher FAQ pulling everything together in one place would be useful. This blog also addresses concerns raised by data protection authorities in Germany.... read more»





Botnets + hacking kits + Web app holes = good times for cybercriminals
(from lastwatchdog at 30-4-2010)
Criminal-controlled botnets are becoming more resilient and powerful than ever. It’s easier than ever for even low-skilled hackers to supply botnets with freshly infected PCs via user-friendly hacking tool kits. And many of them are using these tool kits to spread infections on weakly protected web pages put up by legitimate corporations. Those are conclusions from recent security reports from Symantec’s MessageLabs division, Microsoft, M86 Security, WhiteHat Security and Imperva. The Mes... read more»





Special Ops Against Foreign Servers?
(from ubiwar at 30-4-2010)
Last October, Alexander Klimburg wrote a thought-provoking post at Intelfusion about problems with the US/Europe cybersecurity relationship, in which he wrote: … a number of recent conferences and meetings have had American officials ‘privately’ telling Europeans the same thing: “Defend your Cyberspace or we will do it for you.” One American official put it even more graphically: “If we are under attack by a (hijacked) server in an European country, we will turn it off. One way, or the ot... read more»





Denial of Service: Cyberattacks by the Vietnamese Government
(from viettan at 30-4-2010)
In the early days of the web—prior to social networks and before there were 25 million Vietnam internet users—the Government of Vietnam exercised online censorship by blocking politically sensitive websites. The firewall prevented internet users in Vietnam from accessing outside websites operated by the diaspora that discussed democracy, religious freedom or news critical of the Hanoi regime. As web blogs became popular, facilitating the participation of Vietnamese in online political discour... read more»





New Storm Variant Merely a Spambot, Experts Say
(from threatpost at 30-4-2010)
The new piece of malware that surfaced this week and has been hailed as a return of the Storm worm, is in fact simply the worm's original spam engine with some new components wrapped around it, researchers say, and not a rebirth of the botnet itself. Storm was a major botnet threat during its heyday in 2007, accounting for nearly a quarter of all of the spam on the Internet at its peak, by some estimates. It used a special peer-to-peer protocol for communication and also proved to be quite re... read more»





McAfee Misses Sales, Profit Targets in 1Q
(from InternetNews at 30-4-2010)
McAfee capped off what's has already been one of the worst weeks in the security software company's history by reporting first-quarter sales and earnings that fell well short of analysts' estimates. Not surprisingly, McAfee shares were punished in after-hours trading, falling $3.78 a share, or 10 percent, to $35.75 after closing off $0.39 a share to $39.53 ahead of the flagging earnings report. In the quarter, McAfee posted a profit, including one-time charges, of $37.6 million, or $0.23 ... read more»





Cybersecurity Bill Co-Sponsor Expects Bipartisan Support
(from esecurityplanet at 30-4-2010)
Amid the heated partisan strife that has accompanied the recent and ongoing debates over health care and financial regulatory reform, the idea of good-faith, productive negotiations that cross party lines on any significant issue seems a bit improbable these days. John Rockefeller (D-W.V.) is betting that cybersecurity is an exception. Rockefeller, the chairman of the Senate Commerce Committee, is in talks with Democratic leaders to arrange floor time to begin debate on the landmark Cybers... read more»





Botnet creator will plead guilty to selling code
(from Arstechnica at 30-4-2010)
One of two "hackers" allegedly responsible for a botnet attack in 2006 has agreed to plead guilty to charges that he built the botnet with the intent to sell its services to criminals. David Anthony Edwards will plead guilty in federal court Thursday, while his partner Thomas James Frederick Smith has already pleaded innocent in the case. The two Texas men were accused of developing a 22,000-strong PC botnet and shopping its services around to customers at a rate of 15¢ per drone and in batch... read more»





Information theft and politically-motivated hacking in focus
(from ch at 30-4-2010)
In its latest report, the Reporting and Analysis Centre for Information Assurance MELANI examines cybercriminal activities in the second half of 2009. The focus is on global information theft, politically-motivated hacking and blackmailing through the use of DDoS attacks. The report is now available at www.melani.admin.ch. Cybercrime has many facets, ranging from data theft for the purposes of making money to hacking websites as a way of giving vent to political frustration. Those affected ar... read more»





FIFA warns OffshoreAlert ahead of next week's fraud conference
(from offshorealertconference at 30-4-2010)
The governing body of world soccer – FIFA – has attempted to intimidate OffshoreAlert ahead of our conference in Florida next week at which allegations of fraud and corruption within FIFA will be made. In a letter to OffshoreAlert on April 23, FIFA's attorney, Lawrence Cartier, of London-based law firm Cartier & Co., issued a thinly-veiled threat of a possible libel action should a session by journalist and film-maker Andrew Jennings contain any "defamatory statements". In his letter, Cart... read more»





Millions of Brits risking fraud by writing down PINs - Which?
(from Finextra at 30-4-2010)
The consumer group, which polled 1045 people, says this means up to four million debit card holders and three million credit card holders write their PIN down or tell a friend or family member the code. A third keep it in their handbag or wallet and a similar proportion have a note at home. In addition, Which? says many Brits are ill-informed about their rights if fraud is committed on their card. More than four fifths believe that they will get a refund if they are a victim of street crime o... read more»





Tips for using Twitter, Facebook and other "anti-social networks"
(from NetworkWorld at 30-4-2010)
Corporations should institute daily one-minute Internet safety lessons that users must complete before they are allowed online, a security expert told Interop attendees this week, but he said even that might not work because attackers pay more attention to the advice than those it is intended to protect. As security pros publicize best practices, cybercriminals are taking note and using the information as a way to plot new exploits that circumvent the latest countermeasures, said David Perry... read more»





UPDATE 3-McAfee outlook misses as software bug bites
(from Reuters at 30-4-2010)
McAfee Inc, the No. 2 security software maker, said the cost of fixing a bug that shut down PCs at more than 100 large corporate customers will help push second-quarter earnings below expectations, sending its shares tumbling 11 percent. The glitch, included in a regular release of McAfee's anti-virus software, mistakenly identified part of Microsoft Corp's popular Windows XP operating system as a virus, triggering personal computer outages. The company also issued on Thursday first-quarte... read more»





McAfee to miss targets as software bug bites
(from ITNews at 30-4-2010)
McAfee, the world's second-largest security software maker, said the cost of fixing a bug that shut down PCs at more than 100 large corporate customers will help push second-quarter earnings below expectations, sending its shares tumbling 11 percent. The glitch, included in a regular release of McAfee's anti-virus software, mistakenly identified part of Microsoft's popular Windows XP operating system as a virus, triggering personal computer outages.... read more»





IT group urges government to strengthen industry
(from homelandsecuritynewswire at 30-4-2010)
TechAmerica says the U.S. federal government needs to update policy, extend tax credits, and invest in cybersecurity to pull the technology industry out of the recession; one thing policy makers should do right away is renew the research and development tax credit, which legislators failed to do during the recession, and then to give it up-to-date-enhancements The technology industry began to feel the effects of the recession in 2009 and is in need of government policy to get it back on track... read more»





Cybersecurity beating the bad guys, says Verizon
(from IT Wire at 30-4-2010)
According to Verizon's top Internet security expert, Peter Tippett, cybersecurity breaches are starting to level off and in the next 10 years security protection will become more effective and widespread as organisations band together to fight cybercrime. Speaking at the Infosecurity Europe trade show in London, Tippett, vice president of technology and innovation at Verizon, said: "Based on all the data we have amassed over the last several years for our Data Breach Investigations Reports…we... read more»





Cyber woes rise during summer vacations
(from Hindustan Times at 30-4-2010)
Come summer vacations and parents have one more reason to worry about for their naughty children, who apart form picking a fight with other kids or breaking a neighbour's window pane while playing cricket, could also innocently invite trouble over the Internet. During school holidays kids are likely to spend more time on the Internet than perhaps they normally do and thus become an easy prey for cyber criminals, say internet security experts. Besides being exposed to malware, online scam... read more»





U.K. launches competition to find cyber security experts
(from homelandsecuritynewswire at 30-4-2010)
The United Kingdom suffers from a dearth of cybersecurity experts; several private and public organizations have launched the Cyber Security Challenge competition -- a series of challenges and games that would test the talent and skills of people; the challenges will be built around eight key skill areas which include digital forensics, network analysis and logical thinking A national public competition has begun in the United Kingdom to find people with a talent for keeping computers and net... read more»





Press Release: First-Ever Global Cost of a Data Breach Study Shows Organisations Paid USD3.43 million per Breach in 2009
(from PGP at 30-4-2010)
The research shows that the average cost of a data breach globally stood at USD3.43 million last year, the equivalent of USD142 per compromised customer record. However, costs varied dramatically between regions, from USD204 per lost record in the U.S., down to USD98 per record in the UK. A total of 133 organisations, located in five countries – Australia, France, Germany, UK and U.S. – participated in the research, which was undertaken during 2009. In the UK, where only public sector and fin... read more»





EU security agency backs cloud computing research
(from v3 at 30-4-2010)
Cloud computing, wireless networks and supply chain integrity should be key areas of focus for IT security research in the next few years, according to a new report from the European Union security agency Enisa. The study, Priorities for Research on Current and Emerging Network Technologies, was produced as part of Enisa's ongoing research into how information security can support the new digital agenda for Europe and the wider Europe 2020 strategy.... read more»





Cyber crime: be afraid, be very afraid
(from hostexploit at 30-4-2010)
Full disclosure up front: Joe Menn, the author of "Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet" and a tech reporter for the Financial Times, is a friend and former colleague of mine here at The Times. Nevertheless, I think even an unbiased observer would say that "Fatal System Error" is a compelling read, despite the fact that it's nonfiction. It's also a very frightening book. By retracing the steps taken by two men who were trying to fend off cybe... read more»





India now primary producer of viruses
(from Security Watch at 30-4-2010)
India has pushed Korea into second place and taken over the mantle of the world’s largest producer of internet viruses, according to analysis of internet threats in April by managed security company Network Box. India now accounts for just under 10 (9.9) per cent of the world’s viruses, ahead of Korea at 8.24 per cent and the US at 6.7 per cent. India is also becoming a more dominant force in spam production and intrusions: 7.40 per cent of the world’s spam now originates from India; and the ... read more»





Future EU Research: IT Security Priorities Identified in new Study - Always Online Availability in Focus
(from Redorbit at 30-4-2010)
The EU's 'cyber security' Agency ENISA- The European Network and Information Security Agency - has launched a new report concluding that the EU should focus its future IT security research on five areas. This points out the direction for future Framework Programme calls to make the EU economy flourish. The past decade has seen a revolution in the way we communicate. An increasing number of services are available online. Consumers, service providers, governments ; they all expect online servic... read more»





Majority unaware of how sensitive data is stored online
(from Net-Security at 30-4-2010)
A majority of U.S. citizens are unaware of how their online data is stored and who secures it, according to a Business Software Alliance (BSA) survey. Approximately one in five U.S. citizens said they were unaware of whether their personal or corporate data is being held “in the cloud,” and 60 percent said they did not know what “in the cloud” means. In addition, BSA’s findings show U.S. citizens are unsure who should be responsible for protecting sensitive, online data.... read more»





China Falls Off 'Dirty Dozen' Spam List
(from eSecurity Planet at 30-4-2010)
China didn't even make the so-called "Dirty Dozen," falling to No. 15 with only a 1.9 percent share of the spam pie. That's a dramatic decline from almost 5 percent in mid-2009. India checked in at No. 2 on the list at 7.3 percent, followed by Brazil and South Korea at 6.8 percent and 4.8 percent, respectively. Vietnam moved up to No. 5 on the spam charts at 3.4 percent, barely edging out Germany (3.2 percent) for Top 5 billing. By continent, Asia led the pack with almost 34 percent, outpa... read more»





Health worker is first HIPAA privacy violator to get jail time
(from SC Magazineus at 30-4-2010)
A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities. Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person to ever receive prison time for violating the privacy stipulations under Health Insurance Portability and Accountability Act... read more»





FTC working on new privacy guidelines
(from SC Magazineus at 30-4-2010)
The Federal Trade Commission (FTC) is working on drafting a set of “guiding principles” outlining how businesses should handle certain privacy issues, an FTC official said Wednesday at a privacy and security law event in New York. Over the past several months, the agency has held three public roundtables to explore the privacy challenges facing businesses that collect and use consumer data, said Leonard Gordon, director of the FTC's Northeast regional office, speaking at the New York City Ba... read more»





UK in top 10 for spam relaying
(from IT Pro at 30-4-2010)
The UK has made it into the top 10 for spam relaying countries, in joint ninth place alongside Russia and Italy. For the period between January and March 2010, 3.1 per cent of global spam was relayed by sources from within the UK, according to a study from Sophos.However, the US was the worst offender, relaying 13.1 per cent of spam, with India and Brazil in second and third place. China, a country that has been under the cyber crime spotlight of late, did not even make it into the top 12, co... read more»





Lone IT industry voice speaks out against EU Web filter plan
(from NetworkWorld at 30-4-2010)
A European proposal to introduce mandatory blocking of child abuse websites poses a threat to the openness of the Internet, according to Ed Black, president of the Computer & Communications Industry Association (CCIA). Black is so far the only person from the IT industry willing to speak out on the issue. Companies including Google, Microsoft, Yahoo and the Spanish telecommunications operator Telefónica, as well as other trade groups representing the interests of the IT industry, either decli... read more»





Smartphone management becoming a nightmare
(from InfoWorld at 30-4-2010)
Smartphones and mobile devices are becoming a nightmare for IT shops to manage, with users carrying multiple types of phones with different operating systems and expecting access to email, video-conferencing, and various types of corporate applications. Management was relatively simple when IT managers gave mobile employees a Dell Latitude laptop and a BlackBerry and told them "you're good to go," said Gartner wireless analyst Paul DeBeasi, who took part in an Interop Las Vegas panel discussi... read more»





Brazilian Court Fines Google Yet Again Over Anonymous Orkut Message
(from Techdirt at 30-4-2010)
Brazil's laws concerning liability for online posting continue to haunt Google for no good reason. For years now, we've been hearing about lawsuits against Google in Brazil because of comments made on Orkut, Google's social networking site that (for whatever reason) is mostly popular in Brazil. Brazil doesn't seem to have a concept of safe harbors or of actually applying liability to those who actually did the actions. Instead, every time that someone does something mean on Orkut, Google get... read more»





Cyber-crime on increase ahead of World Cup
(from SABC NEWS at 30-4-2010)
Information technology specialists say internet or cyber-crime is increasing in South Africa ahead of the FIFA World Cup. Head of a Cape Town-based anti-virus software provider, Carey van Vlaanderen, says such activities include fraudulent ticket sales, promising cheaper accommodation and malware-infected websites. Van Vlaanderen says it is imperative that internet users take computer security precautions. He says there is a massive amount of emails that are being sent out at the moment that ... read more»





Webinar : High Availabilty IT
(from The Register at 30-4-2010)
While the vision of IT might be rows of gleaming systems running standardised applications, the truth is that many organisations struggle with their IT environments as wave after wave of new IT projects have had to work alongside older kit and software. The end result is felt most keenly in terms of service delivery. From the user perspective, what goes on behind the curtain should be irrelevant, but users and IT staff alike bear the brunt of such things as complexity and fragmentation within... read more»





Seven Cyber Scenarios To Keep You Awake At Night
(from Forbes at 30-4-2010)
Stiennon has been a white hat hacker for PricewaterhouseCoopers, VP Security Research at Gartner, and an executive at Webroot Software and Fortinet, Inc. He is founder and Chief Research Analyst at IT-Harvest. Scenario planning is an important tool in the realm of cyber security. Stakeholder teams are assembled to create plausible scenarios of possible future threats. Repercussions are predicted to help quantify risk and justify mitigating investments in technology and changes to policy and... read more»





China slides off list of top spam-relaying nations
(from Sophos at 30-4-2010)
China gets a lot of flak from various corners of the globe for being a hotbed of cybercrime, and so it's only fair to report when there's some good news coming from behind the bamboo curtain. The latest "dirty dozen" stats from Sophos, examining the top twelve countries which are relaying spam from compromised computers, show that China has dropped off the list. Indeed, in the last 12 months Sophos's research shows that the proportion of spam relayed by Chinese computers has steadily reduc... read more»





McAfee antivirus update chaos and why malware defence must evolve
(from TechWorld at 30-4-2010)
Last week a flawed DAT file from McAfee led to false positives crashing Windows XP systems and leading to a massive cleanup effort. It would be very easy to simply point the finger at McAfee, terminate the employment of a scapegoat security engineer or two, and continue on with the status quo, however the whole incident is an illustration of why the anti-malware industry - not just McAfee - need to embrace the US Marines mantra to improvise, adapt, and overcome. The current model is like a wa... read more»





Is the second coming of DNS Y2K all over again?
(from iTWire at 30-4-2010)
DNS is the Domain Name System and is the central postmaster of the Internet. Changes are coming to add security, but naysayers would have you believe it is Y2K all over again. DNS makes the Internet work. You type in www.itwire.com into a web browser and it’s DNS which tells your computer the underlying network address of the iTWire web server. Send an e-mail to myfriend@someisp.com and again it’s DNS which helps your e-mail wend its way through the tubes that make up the Internet.... read more»





EUSecWest 2010 - The Sixth Annual World Security Professional Summit in European Union
(from EUSecWest at 30-4-2010)
The worlds security professionals will converge on Amsterdam on June 16th and 17th, 2010, to discuss new technology, and share best practices. The most significant new discoveries, technologies, and products will be presented at the sixth annual EUSecWest conference, brought to you by the organizers of PacSec, BA-Con, and CanSecWest. The latest in cutting edge information security threats, defenses, applications, and theory will be showcased in a series of one hour presentations by the bright... read more»





Study: Application Security Not An Enterprise Priority
(from Dark Reading at 30-4-2010)
With all of the attention and education surrounding secure coding practices and Web attacks, you'd think it would be sinking in to enterprises by now, but not so much, according to a new survey: Only 18 percent of IT security budgets are dedicated to Web application security, while 43 percent of budgets are allocated to network and host security. "The State of Application Security" report by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, published this week, found th... read more»





PDF Exploits Explode, Continue Climb in 2010
(from PCWorld at 30-4-2010)
Exploits of Adobe's PDF format jumped dramatically last year, and continue to climb during 2010, a McAfee security researcher said Wednesday. Microsoft , meanwhile, recently said that more than 46% of the browser -based exploits during the second half of 2009 were aimed at vulnerabilities in Adobe's free Reader PDF viewer. According to Toralv Dirro, a security strategist with McAfee Labs, the percentage of exploitative malware targeting PDF vulnerabilities has skyrocketed. In 2007 and 2008... read more»





FBI Cyber Division Warns About Social Networking
(from ESET at 30-4-2010)
In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky: “Don't be surprised if a criminal compromises your or one of your colleague's personal social networking accounts to retrieve the e-mail addresses of some of your friends, and then uses that information to spoof an e-mail to you or your colleague at work. Other crimi... read more»





Infosec 2010: Physical and technical security must work together
(from v3 at 30-4-2010)
Organisations need to ensure that physical and technical security procedures work together to ensure the best possible defence against potential data breaches, according to a panel of industry experts at Infosec 2010. Carl Froggert, global engineering lead at financial firm Citi, argued that converged threats mean that security has to be considered in a wider context. "IT and physical security need to work together, otherwise it is not a sensible model for security. If they are viewed as sepa... read more»





Security Analysis of India’s Electronic Voting Machines
(from indiaevm at 30-4-2010)
Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized because of widespread reports of election irregularities. Despite this criticism, many details of the machines’ design have never been publicly disclosed, and they have not been subj... read more»





Infosec 2010: Large firms overwhelmed by security breaches
(from v3 at 30-4-2010)
A staggering 92 per cent of large organisations have suffered a security incident or data breach in the past year, as they struggle to cope with the changing threat landscape, according to the latest biennial Information Security Breaches Survey from PricewaterhouseCoopers (PwC). PwC partner Chris Potter branded the findings, launched today at Infosec 2010, "surprisingly bad", and said that companies are struggling to mitigate the increased external threat levels and the large numbers of acci... read more»





Study: Users OK with mobile devices for sensitive transactions
(from CSOonline at 30-4-2010)
Most mobile device users worldwide feel safe using their mobile devices for applications that involve highly-sensitive information, including accessing airline boarding passes; making payments in stores for low-cost items; or to access online banking, according to research conducted by Unisys Corporation. But acceptance levels vary by age, with younger users more comfortable conducting sensitive mobile transactions compared to older users. The research, part of a bi-annual survey of more tha... read more»





You sent what? - IT security study
(from ca at 30-4-2010)
Every organization processes data that can be classified as sensitive. This sensitive information takes many forms, including product designs, technical specifications, software code, or employee personal data, like credit card and account numbers, medical-related information, and national identification numbers. Businesses also need to regularly share data with each other outside the perimeter, driving the cross-organisational business processes that enable suppliers to trade and governments to... read more»





Infosec 2010: What is lost data actually worth?
(from v3 at 30-4-2010)
With the Information Commissioner's Office (ICO) now able to fine firms up to £500,000 for any data losses, and more information than ever being stored, the safeguarding of that data is a major concern for all businesses. But what is lost data, such as credit card numbers, customer databases and financial information, actually worth, particularly to the criminal fraternity? A mock data auction at Infosec 2010 aimed to provide some answers. Several lots of data were up for bidding, and a pane... read more»





Seven Cyber Scenarios that should keep you up at night
(from threatchaos at 30-4-2010)
Scenario 1. Collateral Damage from Cyberwar. The Scenario: Wide spread attacks in conjunction with hostilities between two or more nation states leads to network outages that spread beyond the geo-political participants. The reality: Hosted websites in Atlanta, Georgia suffer when Russia attacks the country of Georgia, August 8, 2008. Tulip Systems, a hosting provider in Atlanta, graciously offers to host the web sites of President Saakashvlli (president.gov.ge) and the Georgian televisi... read more»





Infosec 2010: Harvey Nichols ensures it is PCI-DSS compliant
(from Computing at 30-4-2010)
With high-profile examples of retail card crime such as that of retailer TJX in mind, Harvey Nichols infrastructure manager Matthew Suddock described compliance with the new PCI-DSS credit card requirements as “very sensible.” Suddock chaired a keynote session at security conference Infosecurity earlier today. “Last I heard, TJX had lost $111m as a result of card data theft – with this in mind, retailers of any size can’t afford not to make themselves compliant,” he said.Harvey Nichols has pu... read more»





Rule reversal makes it easier to have fake goods destroyed
(from Computer Active at 30-4-2010)
Consumers who have bought suspected fake goods from an overseas trader may never get to see their purchases. Currently many bogus goods that make their way into the UK are bought by unsuspecting consumers, who have found a ‘bargain’ at an online store. Many of these retailers are based outside the UK, which makes the consumer the importer of the goods. An operation last December, during which police and the Office of Fair Trading closed down 1,200 such sites, showed how enormous the problem h... read more»





What's impacting IT security today?
(from The Register at 30-4-2010)
Okay, we've banged on often enough about how security shouldn't be about products - it should be about making sure our data is adequately protected and all such good ideas. But the question is just how practical is this? We know a whole load of change is coming to IT today, some internal and some external. We also know that the bad guys are getting badder, smarter and better-equipped to breach the increasingly fragmented protection mechanisms we have in place.... read more»





Cybersecurity to reach new heights in reducing risk by 2020
(from searchsecurityasia at 30-4-2010)
While online business transactions and consumer use of the Internet are continuing to increase dramatically, cybersecurity breaches are starting to level off, and in the next 10 years security protection will become more effective and widespread as organizations band together to fight cybercrime. This is Verizon’s top Internet security expert Peter Tippett's most recent assessment.Speaking at the Infosecurity Europe trade show in London, Tippett, vice-president of technology and innovation at... read more»





Infosec 2010: Prepare for the information security revolution, says PwC
(from Computing at 30-4-2010)
Trends including the increase in web data and the number of people accessing the internet will have implications for information security in the future, says a report by PricewaterhouseCoopers (PwC), commissioned by government body the Technology Strategy Board. Barry Jaber, assistant director of strategy at PwC, explained that the trends we’ll see in the next decade already exist today, but will gain traction as organisations rely more on electronic information. Social networking will contin... read more»





Surgeon Sentenced to Federal Prison for Violation of HIPAA
(from loglogic at 30-4-2010)
Quick, what are the first five things you think of when I say “cardiothoracic surgeon.” I bet convicted criminal wouldn’t even be in the top 100… On Tuesday, Huping Zhou, a cardiothoracic surgeon formerly with UCLA Healthcare system, was convicted of 4 misdemeanor counts of violating HIPAA (here’s link to USAO press release: http://www.justice.gov/usao/cac/pressroom/pr2010/079.html). Apparently, after Dr. Zhou was told that his services were no longer needed for unrelated reasons, Dr. Zhou co... read more»





Barclays security chief: Assume all networks are compromised
(from v3 at 30-4-2010)
IT security professionals should operate under the assumption that their networks are compromised, and look at ways to ensure that the system works regardless, according to the head of information risk management at Barclays. Stephen Bonner argued during a panel debate at Infosecurity Europe today that it is wrong for security chiefs to try to create a "bubble of safety" in their systems because it is a false hope given the numerous threats and flaws.... read more»





iPhone Finder Regrets His ‘Mistake’
(from Wired at 30-4-2010)
The person who found and sold an Apple iPhone prototype says he regrets not doing more to return the device to its owner, according to a statement provided by his attorney Thursday in response to queries from Wired.com. Brian J. Hogan, a 21-year-old resident of Redwood City, California, says although he was paid by tech site Gizmodo, he believed the payment was for allowing the site exclusive access to review the phone. Gizmodo emphasized to him “that there was nothing wrong in sharing the ph... read more»





Google personal suggest bug exposed user web history
(from The Register at 30-4-2010)
Google has restored its "personalized" search suggestions after purging the tool of a critical vulnerability that allowed attackers to steal a user's web history. Personalized search suggestions were disabled on March 1, and they didn't return until April 20. Ordinarily, Google adds these personalized keyword suggestions to its generic suggestion list if you've turned on Google Web History, a service that stores your searches and page visits. The personalized suggestions are based on data fro... read more»





Palin email jury reaches verdicts on 3 of 4 counts
(from The Register at 30-4-2010)
The jury deciding the fate of the man accused of breaching Sarah Palin's Yahoo Mail account has reached a verdict on three of the charges filed against him but can't come to a decision about the fourth, according to news reports. In a note to US District Judge Thomas W. Phillips, jurors wrote: "Some of us feel not all jurors are following the jury instruction," according to The Knoxville News. They also said they were deadlocked on the charge of identity theft.... read more»





Al-Qaeda Engaged in Online Military Training - The jihadists use the Internet to pursue a psychological war
(from avertlabs at 30-4-2010)
This week, I’m attending the Francopol conference on cybercrime, in Montreal. Francopol is the international training network of French-speaking police forces. Several speakers greatly impressed me, especially Dominique Dudemaine, Canadian Crown Prosecutor, who presented “Does cyberterrorism exist in Canada?” The answer is Yes; several lawsuits for Internet-related terrorist activities have been filed in Canada since September 2001.... read more»





One Laptop per Child targets Middle East and E Africa
(from BBC at 30-4-2010)
The group behind the "$100 laptop" has formed a partnership which it hopes will deliver computers to every primary school child in East Africa. The partnership between One Laptop per Child (OLPC) and the East African Community (EAC) aims to deliver 30 million laptops in the region by 2015. OLPC has also announced a partnership with a UN agency which aims to deliver 500,000 machines in the Middle East. Both the UN agency and the EAC first need to raise cash for the laptops.... read more»





Summarizing Zero Day's Posts for April
(from Dancho Danchev at 30-4-2010)
The following is a brief summary of all of my posts at ZDNet's Zero Day for April, 2010. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day's main feed, or follow me on Twitter.... read more»





Yahoo chief Carol Bartz sees trouble for Google
(from BBC at 30-4-2010)
Google will have "a problem" if it does not diversify its business, the head of Yahoo has told BBC News. Carol Bartz said that Google would have to "do a lot more than search" and suggested that it would have to "grow a company the size of Yahoo every year". Ms Bartz made the comments when asked if Yahoo's sprawling network of sites and services had a defined brand image. It competes with Google in the search market, but has only 17% of the US market, compared to Google's 65%, according to Co... read more»





India now the primary producer of viruses
(from Net-Security at 30-4-2010)
India has pushed Korea into second place and taken over the mantle of the world’s largest producer of internet viruses, according to analysis of internet threats in April by Network Box. India now accounts for just under 10 (9.9) per cent of the world’s viruses, ahead of Korea at 8.24 per cent and the US at 6.7 per cent.... read more»





The staggering cost of a data breach
(from Net-Security at 30-4-2010)
The average cost of a data breach globally stood at USD 3.43 million last year, the equivalent of USD 142 per compromised customer record, according to research from the Ponemon Institute. Costs varied dramatically between regions, from USD 204 per lost record in the U.S., down to USD 98 per record in the UK. A total of 133 organizations, located in five countries – Australia, France, Germany, UK and U.S. – participated in the research, which was undertaken during 2009.... read more»





Beijing security know-how rules irk suppliers
(from The Register at 30-4-2010)
Chinese government rules due to come into force on Saturday would oblige security vendors to disclose encryption information. The regulations mean that suppers of six categories of products - including smart cards, firewall and routers - will need to submit trade secrets to a government panel in order to receive a license to sell to government departments.EU officials have described the move as both protectionist and commercially risky. One concern is that security know-how supplied to the go... read more»





Google: Fake antivirus makes up 15 percent of all malware
(from ZDNet at 30-4-2010)
A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates. Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to 13-month analysis the company conducted between January 2009 and February ... read more»





How to remove the ICPP Copyright Violation Alert ransomware
(from ZDNet at 30-4-2010)
Who would have thought that on your way to remove a ransomware scam that affected your PC, you would be one day pirating the application that was originally using a “copyright violation alert” theme, as a spreading technique? What’s the best way of removing it? A working license code that completely uninstalls the ransomware, remains the most effective post-infection approach. Although the original domain used to facilitate the $400 transaction scam is down, a huge number of end users rema... read more»





Cyberattacks: Can Google -- or Uncle Sam -- protect you?
(from CSMonitor at 30-4-2010)
Who can do a better job of protecting us from cyberthreats: private companies like Google, or Uncle Sam? This was the question discussed at a recent event hosted by the Center for National Policy in Washington. It was one of those seminars that should have been attended by everyone who conducts business online. The views of the two experts on hand – Doug Raymond of Google and Rob Knake of the Council on Foreign Relations – echo the debate in Washington over regulating banks and Wall Street. A... read more»





Hackers use SEO poisoning to infect visiting computers
(from SecurityPark at 30-4-2010)
Accroding to Sophos, hackers are exploiting a problem with McAfee's anti-virus product that has caused hundreds of thousands of computers around the world to repeatedly reboot themselves, effectively becoming inoperable. McAfee recently accidentally issued a detection update which mistakenly detected a harmless Windows file, svchost.exe, as "W32/Wecorl.a", and caused critical problems on affected PCs. Hackers, however, are compounding the problem by using blackhat SEO (search engine optimisat... read more»





ICANN approves first four internationalized country domains
(from NetworkWorld at 30-4-2010)
ICANN, the Internet Corporation for Assigned Names and Numbers, has approved the first four country-code domain names written in non-Latin script, it announced Tuesday. All existing top-level domain names are written using the "Latin" alphabet, the 26 letters from A to Z. That system is just fine for Internet users in English-speaking countries, but not for those countries for which the official language is written using other scripts, such as the Russian Cyrillic characters, Arabic script or... read more»





Fake antivirus software on rise, says Google
(from TechWorld at 30-4-2010)
Fake antivirus software is becoming more prevalent on the Internet, with its creators using clever methods to fool users into installing the programs, according to a new report from Google. Google conducted a 13-month study looking at some 240 million web pages. The company determined that 11,000 of those domains were involved in distributing fake antivirus programs, and that those kinds of program comprise 15 percent of the malicious software on the web. There are thousands of versions of... read more»





Techie convicted of locking up SF city network
(from TGDaily at 30-4-2010)
A former network administrator has been convicted of hijacking San Francisco's computer network and refusing to tell his bosses the passwords. Terry Childs, who had worked at the city's Department of Telecommunication Information Services for 10 years, had apparently become concerned about impending layoffs. He was also a bit miffed that his bosses were reviewing his security clearance because of a previous conviction for robbery.... read more»





UK makes the 'dirty dozen' of global spam-relaying countries
(from v3 at 30-4-2010)
Security firm Sophos has released its latest top 12 list of the worst countries for relaying spam, placing the UK at ninth. The US came top in Sophos' 'dirty dozen', relaying over 13 per cent of all spam and accounting for "hundreds of millions of junk messages every day". India came second at just over seven per cent, followed by Brazil at just under six per cent.... read more»





Google defends Street View Wi-Fi data collection
(from v3 at 30-4-2010)
Google has been forced to defend itself once again over its controversial Street View service, after it emerged that its cars also collect data on Wi-Fi networks and Media Access Control (MAC) addresses. German federal data protection commissioner Peter Schaar was quoted in German newspaper Spiegel last week as saying he was "horrified" to discover the practice, and said that it was being carried out "without the knowledge of third parties". However, Peter Fleischer, global privacy counsel... read more»





EU directive puts Europe's startup industry at risk
(from v3 at 30-4-2010)
A directive being debated by the European Union (EU) has the potential to undermine the region's startup industry and innovation, but the groups opposing the directive are fragmented and may be not be able to persuade the EU to rethink its policy. The Alternative Investment Fund Managers Directive was proposed by the European Commission (EC) in April last year in response to the financial crisis. The EC wanted to bring in regulation to supervise the investment market, and create more tran... read more»





The DNS attacks as a Tale of Geeks & Wonks
(from intelfusion at 30-4-2010)
Few issues highlight the eternal geek vs. wonk face-off better then a spate of DNS breakdowns we have had in recent months. Geeks think in tem of better procedures or protocols, and wonks think in terms of better policy or practice, and never the twain shall meet. As a card-carrying wonk I can hardly claim objectivity here, but in my view the current debate around DNS illustrates very well that even most brilliant geeky solutions are helpless in face of intransigent wonky problems.... read more»





Use a proxy server. Feed an Intel service
(from intelfusion at 30-4-2010)
There are many government agencies both in the U.S. and around the world who restrict their employees from visiting social networking sites (SNS) through the use of a firewall filter. Anyone care to make a guess as to how that’s working? While some employees honor their organization’s policy, many are turning to free proxy services in order to get their daily SNS fix on Twitter, Facebook, YouTube, etc. GLYPE is one such solution.... read more»





Storm Worm making comeback with new spam run
(from scmagazineus at 30-4-2010)
It's baaack. Researchers at CA say they have detected a new variant of the Storm Worm, the infamous botnet best known for its spam-producing abilities, but which was effectively killed off more than a year ago. During its roughly two-year run, though, Storm was highly successful, and it appears malware writers again are utilizing the old code to infect machines, which then are used to spread spam, Don DeBolt, director of threat research at CA, told SCMagazineUS.com on Wednesday.... read more»





Lone IT industry voice speaks out against EU Web filter plan
(from ComputerWorld at 30-4-2010)
A European proposal to introduce mandatory blocking of child abuse websites poses a threat to the openness of the Internet, according to Ed Black, president of the Computer & Communications Industry Association (CCIA). Black is so far the only person from the IT industry willing to speak out on the issue. Companies including Google, Microsoft, Yahoo and the Spanish telecommunications operator Telefónica, as well as other trade groups representing the interests of the IT industry, either decli... read more»





Cyber security guru sues Seattle police over arrest
(from seattlepi at 30-4-2010)
A Seattle cyber security expert is accusing Seattle police of intentionally concealing videotape of his October 2008 obstruction arrest and planning in court to unveil an "ongoing fraudulent conspiracy" to conceal the evidence. If successful, Eric Rachner will seek the maximum $100 a day penalty allowed under the state's Public Disclosure Act, a threshold few litigants have ever achieved. "The highest penalty is proper because SPD repeatedly made false or misleading statements, adopting on... read more»





Texas man set to admit building botnet-for-hire
(from ComputerWorld at 30-4-2010)
A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP -- just to show off its firepower to a potential customer. David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of $0.15 per infected computer, according to court documents.... read more»





How Data Laws Slap Insecure Companies
(from Forbes at 30-4-2010)
Breach disclosure laws--the rules that require companies to alert customers or employees when they've lost control of their private data--may not always achieve their intention to prevent identity theft. But a new study suggests the laws bolster protections in a less direct way: by financially punishing companies that suffer data security mishaps. In an analysis of 133 companies in five countries, the privacy-focused nonprofit Ponemon Institute surveyed executives anonymously on the financial... read more»





Redundancy key to net-centric Defence
(from SecureComputing at 29-4-2010)
Defence should focus on withstanding, and not just preventing, cyber-attacks, a U.S. researcher and ex-Air Force commander suggests. According to Robert Elder of the George Mason University, increasingly networked military activities are becoming more challenging to protect. At the Network Centric Warfare (NCW) conference in Canberra yesterday, Elder described a range of means by which attackers could disrupt online military operations.... read more»





Data Breaches Less Costly with Strong CISO
(from EWeek at 29-4-2010)
Ponemon Institute's latest report on data breaches shows putting the CISO in charge of the detection and notification process can makes a difference in your bottom line. When data breaches occur, strong leadership from the chief information security officer can make a difference in the damage done to your corporate budget, according to new research from the Ponemon Institute. In its latest look at data breaches the institute found that in the five countries studied (U.S., U.K., Australia, F... read more»





Panel debates 'buy vs. build' mobile device security policy management
(from TechTarget at 29-4-2010)
Enterprises should allow employees their choice of mobile devices in the enterprise, but policy must be clearly communicated, outlining rules and the consequences for violating them, according to panelists taking part in a spirited discussion on mobile device security at InfoSec World 2010. The session opened with a conversation about mobility-related threats, including tethering, a technique which allows users to go online from their notebooks or PDAs, using their cell phone or other Interne... read more»





Security pros, meet your new best friend: the CFO
(from NetworkWorld at 29-4-2010)
Executives in charge of information security should make friends with the CFO, who can give them a broad overview of corporate priorities and see to funding the most important IT projects that protect corporate data. Security pros should also look skeptically at industry compliance standards and avoid outsourcing security wholesale, said John Pironti, president of IP Architects, speaking at the Interop conference in Las Vegas.... read more»





The evil men (can) do with embedded systems
(from NetworkWorld at 29-4-2010)
Embedded IT infrastructure is everywhere, controlling the flow of water and electricity and maintaining the equilibrium of sewage treatment and nuclear power plants. Forget about car bombs and crude atomic devices. That's the stuff Dr. Evil would use to fail. To take over the world, the bad guys are better off hijacking all those embedded systems. That's exactly what they're trying to do, and there are plenty of vulnerabilities for them to choose from. So says Paul Asadoorian, a volunteer... read more»





Diary of a mad McAfee antivirus victim
(from NetworkWorld at 29-4-2010)
As if McAfee's bad antivirus update last week wasn't bad enough, some customers were none too happy with how the security vendor's tech support handled the situation either. David Hellen, an independent contractor for the U.S. Navy who heads his own SAP configuration business, says last Wednesday when he noticed that his Dell Latitude running Windows XP wouldn't boot straight into Windows, he knew he had to try and figure out what was going on. He saw news stories about the McAfee antivirus u... read more»





Court Delays Red Flags Rule for AICPA Members
(from webCPA at 29-4-2010)
A district court has granted a delay in the enforcement of the Federal Trade Commission’s Red Flags Rule governing identity theft prevention for members of the American Institute of CPAs in public practice. The Red Flags Rule is part of the Fair and Accurate Credit Transactions Act, which Congress passed in 2003. The rule requires financial institutions and creditors, including CPAs who bill clients, to develop and implement a written identity theft prevention program to protect customers’ pe... read more»





Federal Agencies Wrestle With Cybersecurity's Harsh Realities
(from DarkReading at 29-4-2010)
In a perfect world, U.S. federal agencies would be able to prevent all attacks -- and identify those who launch them. In a perfect world, agencies would comply with all security regulations and provide open access to public information while tightly securing all data that might be important to national security. There's just one problem: The world isn't perfect. That was the message here today as top IT executives of several federal agencies -- as well as federal business unit executives o... read more»





New variant of Storm worm emerges
(from InfoWorld at 29-4-2010)
A new variant of the Storm worm has emerged, but it does not appear to be as well-designed as its older relative, according to computer security researchers. The Storm worm first appeared in early 2007 and spread quickly, making it one of the most prolific and widespread worms ever. Once it infected people's computers, the worm sent million upon millions of spam messages. The Shadowserver Foundation, which tracks botnets, first received a sample of the new version of the worm on April 13, ... read more»





McAfee to enlist channel in update error cleanup
(from itincanada at 29-4-2010)
McAfee is attempting to pick up the pieces from a wreckage of its antivirus update error by implementing a plan to foot the bill for channel partners to provide remediation and consulting to their affected customers. A source close to Channelweb.com said that altogether, McAfee planned to fund channel partners to conduct a multitude of remediation services, as well as an up-front health-check, and online and onsite consulting best practices services, which would also include travel expenses a... read more»





Gizmodo considers suing police after iPhone raid
(from CNet at 29-4-2010)
A lawyer for Gizmodo says the gadget blog could sue the sheriff's office in San Mateo County, Calif., for raiding an editor's home last Friday as part of a criminal probe into an errant iPhone prototype. The option of a lawsuit "is available because search is not the appropriate method in this situation," Thomas R. Burke, a media lawyer and partner in the San Francisco offices of Davis Wright Tremaine, told CNET. He said the search warrant violated a California journalist shield law designed ... read more»





NIST Restructuring Bill Heads to House
(from govinfosecurity at 29-4-2010)
A bill that would provide for the first major restructuring of the National Institute of Standards and Technology in more than two decades won approval by a House committee Wednesday. The House Science and Technology Committee approved by a 29-8 vote the America COMPETES Reauthorization Act, which includes provisions to reduce to six from 10 the number of laboratories - the main research and development components at NIST - and promote the NIST director to undersecretary for standards and tec... read more»





Building an Online Reputation
(from govinfosecurity at 29-4-2010)
Richard Power is the director of strategic communications for CyLab at Carnegie Mellon University. As an information security leader, he has been an active speaker, writer and advisory board member. He also has invested heavily in building his online reputation --mentoring, engaging and actively reaching out to the community through Internet resources. The benefit of building his online reputation? "Being known and recognized for your work and accomplishments achieved," Power says, as well as... read more»





Why it's time to move away from McAfee
(from CNet at 29-4-2010)
Last week, McAfee pushed out a virus definition file update the company now admits did not meet an acceptable level of quality assurance. Users found this out the hard way when the update crippled their computers. While the damage to individual computer systems has been repairable, I recommend that you look elsewhere for your computer's security. My recommendation comes down to a harsh reality: corporations should be accountable for their actions, and users have choices. In the security real... read more»





Bugs & Fixes: Security Fixes for All Major Browsers
(from IT World at 29-4-2010)
Whatever you use to surf the Web needs a fix. Developers of all five major browsers--Chrome, Firefox, Internet Explorer, Safari, and Opera--recently released important security patches. To head off a growing number of attacks against a publicly known security bug, Microsoft took the unusual step of releasing IE's fix outside its usual Patch Tuesday monthly update cycle. The cumulative IE patch closes a total of ten bugs, the most significant of which let bad guys to invade a PC via IE 6 or IE... read more»





Computer hacker targets Megan Meier Foundation
(from newsmagazinenetwork at 29-4-2010)
A computer hacker has targeted the Megan Meier Foundation formed by her mother, Tina Meier, in honor of her daughter, Megan Meier, 13, who took her own life on Oct. 17, 2006. A message by hackers was sent through her email account claiming Tina Meier was stuck in Europe without her passport and money, and needed cash to get home. Tina Meier said she immediately contacted Yahoo mail and shut down the account. The mission of the Megan Meier Foundation is to bring "awareness, education and... read more»





Conservative site 'Locked' by attack by hackers
(from newsobserver at 29-4-2010)
Hackers attacked the website JohnLocke.org forcing what appears to be a malicious site warning to display. The link through Google search also triggers Google's warning. A tweet from the account JohnLockeNC claims hackers attacked the site through its advertising framework.... read more»





Lebanon news agency: Website hacked by Israel to post Ron Arad message
(from Haaretz at 29-4-2010)
Lebanon's state-run news agency on Tuesday accused an Israeli organization of having hacked into its website to post a message calling for information about a missing Israeli air force pilot. National News Agency (NNA) director Laure Suleiman said the agency's Arabic, English and French websites "were hacked several times by the Israeli Born to Freedom Foundation."... read more»





Jurors deliberate in Palin case; no decision yet
(from ctpost at 29-4-2010)
A federal jury deliberated about six hours at the felony trial of a former University of Tennessee student charged with hacking into Sarah Palin's e-mail account and then asked a question before a judge told them to resume Wednesday. The jury deciding the case against David Kernell, 22, asked the judge if unauthorized access to a computer in one of the charges "means only logging on" or are other steps involved.... read more»





Admin who kept SF network passwords found guilty
(from ComputerWorld at 29-4-2010)
Terry Childs, the San Francisco network administrator who refused to hand over passwords to his boss, was found guilty of one felony count of denying computer services, a jury found on Tuesday. Childs now faces a maximum of five years in prison after jurors determined that he had violated California's computer crime law by refusing to hand over passwords to the city's FiberWAN to Richard Robinson, the chief operations officer for the city's Department of Technology and Information Services (D... read more»





Data breaches prove costly to firms - Ponemon Institute
(from Finextra at 29-4-2010)
The 2009 Annual Study: Global Cost of a Data Breach report, compiled by the Ponemon Institute and sponsored by PGP Corporation, assesses the actual cost of activities resulting from more than one hundred real life breach incidents, affecting organisations from 18 different industry sectors. The research shows that the average cost of a data breach globally stood at USD3.43million last year, the equivalent of USD142 per compromised customer record. However, costs varied dramatically between re... read more»





Russia dominating automated malware kit market
(from v3 at 29-4-2010)
Russia is dominating the market for automated malware creation kits that are sold online to phishers and data thieves. A new report from M86 Security, entitled Web Exploits: There's an App for That , found that the majority of new malware creation kits, such as Adpack and Fragus, are being sold in Russia. The company had seen a big increase in the size and complexity of such kits, and said that more than a dozen had launched in the past six months.... read more»





Guilty verdict in San Francisco rogue admin case
(from v3 at 29-4-2010)
A former San Francisco network administrator has been found guilty of tampering with the city government's computer network. Terry Childs was found guilty of denial-of-service charges that can carry a penalty of up to five years in prison. He will be sentenced on 14 June. In what would become a textbook case of dysfunctional security and management practices in IT, Childs made headlines in 2008 when he locked city officials out of their own networks following a dispute with management.... read more»





Fake Scans That Plant Malware Are Rising, Google Says
(from Yahoo at 29-4-2010)
They sneak up on you while you're working, pretend to help you, and then betray you. By the time you realize what's going on, you're infected. They're sneaky malware programs designed to look and operate like antivirus scan prompts from Windows or other software, but rather than search for bugs, they plant them. And according to a detailed study from Google, they are on the rise and pose an increasing threat.... read more»





Cybercriminals Find Click Fraud Is Big Business
(from enterprise-security-today at 29-4-2010)
Click fraud is on the rise, as cybergangs step up the use of infected PCs to divert advertising dollars into their hands. In the first three months of this year, 17 percent to 29 percent of clicks to online ads were fraudulent, according to separate estimates by Click Forensics and Anchor Intelligence, leading suppliers of click fraud detection technology. That's up from 15 percent to 25 percent in fourth-quarter 2009.... read more»





Centre has new plan to check cyber terrorism
(from DNAIndia at 29-4-2010)
The Centre has formulated a Crisis Management Plan to counter cyber attacks and cyber terrorism meant for implementation by all ministries and departments of central and state governments. The government decided to prepare this new plan after being alarmed by a report of the University of Toronto titled ‘Shadows in the Cloud’. The report elucidates a complex ecosystem of cyber espionage that systematically compromised even sophisticated computer network systems in India. The issue of cyber... read more»





Cyber Threats Are Emerging In India
(from CIO at 29-4-2010)
Cyber terrorism is a concept that is closely related to national security and cyber security of any nation. While the definition and nature of cyber terrorism is still debatable yet none can doubt about the use of information and communication technology (ICT) for attacking crucial computer systems of others, says Praveen Dalal, India’s leading techno-legal expert. Realising the importance of cyber security and a defense against cyber terrorism, countries all over the world are streamlining t... read more»





Soccer World Cup Propels Cybercrime in South Africa
(from thenewnewinternet at 29-4-2010)
Africa is currently seeing a spur of phishing attacks, and with South Africa’s hosting of the World Cup this year, cyber criminals in that region are getting even busier. “Major sporting events provide a perfect cover behind which cyber criminals can launch sophisticated attacks on individuals, companies and governments,” said researchers from Symantec. “These range from simple identity theft to full-blown denial of service attacks.” Symantec recently reported that World Cup-related scams ... read more»





Symantec buy PGP Corporation and GuardianEdge
(from h-online at 29-4-2010)
Symantec has announced that it has reached an agreement to acquire PGP Corporation for $300 million and GuardianEdge Technologies for $70 million. Both companies are privately held and the deals, subject to regulatory approval, are expected to be completed in June. Symantec say that the frequency and cost of data loss, combined with stricter regulations on privacy and a more mobile workforce has driven the need for encryption and that it feels the combination of PGP and GuardianEdge will give th... read more»





IT security set for change, says expert
(from BCS at 29-4-2010)
The IT security landscape is set to see a number of changes, according to one expert. Speaking at the Infosecurity Europe conference in London earlier today (April 28th) Peter Tippett, Verizon's leading internet security expert, said that security will become 'more measured and more scientific' over the next ten years. According to the expert, the next decade will also see a number of security services relocated to the cloud and user-end internet interaction become 'dominated' by mobile pl... read more»





Guilty verdict in case of rogue network admin
(from IT News at 29-4-2010)
A former San Francisco network administrator has been found guilty of tampering with the city government's computer network. Terry Childs was found guilty of felony denial of service, a charge that can carry a penalty of up to five years in prison. He will be sentenced on 14 June. In what would become a textbook case of dysfunctional security and management practices in IT, Childs made headlines in 2008 when he locked city officials out of their own networks following a dispute with man... read more»





Inscrutable Domain Names Coming, First Four Already Approved
(from lockergnome at 29-4-2010)
A while back The ICANN decided that English, or actually, the Roman Alphabet, was not to be the only way that domains could be named. The ability to use Cyrillic, or Kanji, or any other major character set could be used, which would simplify things for the speakers and readers of those languages.... read more»





Fake anti-virus tools make up 15 percent of all malware
(from dvhardware at 29-4-2010)
A Google study on Internet security found cybercriminals are increasingly turning to social engineering to get malware on computers rather than exploiting security holes in software. The search engine found that fake anti-virus malware now represents 15 percent of all malware that Google detects on websites, a fivefold increase from when the company first started its analysis. Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all... read more»





Parliament takes aim at illegal online pharmacies
(from EurActiv at 29-4-2010)
A key European Parliament committee has backed new measures against the illegal sale of medicines over the Internet. A report by leftist Portuguese MEP Marisa Matias was approved by an overwhelming majority on the environment and public health committee, although some members said it did not go far enough. MEPs insisted on legislating for Internet sales of medicines, citing this as a conspicuous failing in the original directive proposed by the European Commission in 2008. The committee al... read more»





Online human flesh search for public interest is legal
(from China Post at 29-4-2010)
Online “human flesh searches” — a common practice of Taiwan's Internet surfers to identify controversial individuals — are legal if they are in the interest of the public, the newly passed Personal Data Protection Act stipulates. When lawmakers were discussing the bill for protecting personal data, Internet surfers were worried that such human flesh searches would become illegal.... read more»





McAfee to reveal reimbursement plans this week
(from SecureComputing at 29-4-2010)
Compensation for McAfee's Australian customers impacted by last week's flawed signature update will likely come directly from the security vendor, rather than partners. McAfee will outline reimbursement plans for customers impacted by the April 21 signature update - which crashed thousands of Windows XP SP3 systems - online by Friday. But, Michael Sentonas McAfee's CTO for APAC told CRN that he believes customers will be reimbursed "directly."... read more»





Terry Childs Convicted of Locking San Fran out of Network
(from EWeek at 29-4-2010)
Former San Francisco network engineer Terry Childs has been convicted of locking the city out of its FiberWAN network after learning he might lose his job. Former San Francisco network engineer Terry Childs was found guilty Tuesday of locking the city out of its own network. A jury convicted Childs, 45, of one felony count of denying or disrupting computer services to an authorized user. Childs was charged in 2008 after he refused to provide passwords to the city’s FiberWAN network. The sy... read more»





Google Finds Fake AV Operations Grow on Back of SEO, Malicious Ads
(from EWeek at 29-4-2010)
Fake antivirus security programs now account for 15 percent of all the malware Google sees on the Web, the company reports. Using a combination of search engine optimization and malicious ads, antivirus distribution networks are thriving. New research from Google is shining a light on just how prevalent rogue antivirus scams have become. According to a paper presented April 27 at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, in San Jose, Calif., fake antivirus programs ... read more»





Google finds fake anti-virus programs on the rise
(from InfoWorld at 29-4-2010)
Fake anti-virus software is becoming more prevalent on the Internet, with its creators using clever methods to fool users into installing the programs, according to a new report from Google. Google conducted a 13-month study looking at some 240 million Web pages. The company determined that 11,000 of those domains were involved in distributing fake anti-virus programs, and that those kinds of program comprise 15 percent of the malicious software on the Web.... read more»





IT Group Urges Government To Bolster Industry
(from Information Week at 29-4-2010)
The technology industry began to feel the effects of the recession in 2009 and is in need of government policy to get it back on track, according to a report released Wednesday by industry group TechAmerica. While the tech industry was one of the last in the private sector to be negatively impacted by the recession, the industry lost 245,600 jobs last year, according to TechAmerica's 13th annual Cyberstates report. The pace of job loss slowed over the year, however, and the industry still emp... read more»





San Francisco's "network kidnapper" found guilty
(from h-online at 29-4-2010)
On Tuesday, the network administrator who, in the summer of 2008, made headlines worldwide for manipulating central components of the city's communications network so that only he had access, was found guilty. After four months of proceedings, which included testimony from the city's mayor Gavin Newsom, the jury at the Superior Court of California concluded that the IT expert's actions did indeed constitute a crime. Terry Childs now faces up to five years in jail because the damage he caused ex... read more»





The evil men can do with embedded systems
(from Network World at 29-4-2010)
Embedded IT infrastructure is everywhere, controlling the flow of water and electricity and maintaining the equilibrium of sewage treatment and nuclear power plants. Forget about car bombs and crude atomic devices. That's the stuff Dr. Evil would use to fail. To take over the world, the bad guys are better off hijacking all those embedded systems. That's exactly what they're trying to do, and there are plenty of vulnerabilities for them to choose from.... read more»





Can agency systems handle new FISMA requirements?
(from Government Computer News at 29-4-2010)
New standards released today by the White House for reporting under the Federal Information Security Management Act will require agencies to shift from paper-based annual reports to real time data feeds of system status that will be correlated by the Homeland Security Department. The new requirements are an effort to shift agencies away from paper-based compliance system to real-time visibility, and shift investments from recordkeeping to automated security systems. “Agencies will not spen... read more»





HIPAA Violation Leads to Prison Term
(from Healthcare Infomation Security at 29-4-2010)
A former UCLA Healthcare System surgeon has been sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others. Huping Zhou of Los Angeles is the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation, according to the U.S. attorney's office for the central district of California. Zhou pleaded guilty in January to four misdemeanor counts of violating the HIPAA privacy rule. He admitted obt... read more»





Why you should know the difference between search tools and discovery tools
(from Government Computer News at 29-4-2010)
Government information technology workers might have heard the following three phrases used interchangeably: search tools, information discovery tools and e-discovery tools. Search tools. This term often is used in a generic way to refer to multiple types of internal or external search engines, directories and information archives. Information discovery tools. Some types of information discovery tools are simply multiple search results presented in a logical way to help users make addition... read more»





GSA launches a short-URL service people just might trust
(from Government Computer News at 29-4-2010)
First there was TinyURL. Then came more than 100 other ways to shorten unwieldy Web page addresses into bite-sized links. But government Web site managers discovered that people often are reluctant to trust the shortened, random-coded links leading to federal Web sites. A new site called Go.USA.gov aims to fix that. Go.USA.gov lets registered federal employees convert the long addresses of government Web pages into short-form .gov links that fit easily into Twitter’s 140 characters and ... read more»





Decision on using persistent cookies coming soon, Fed CIO says
(from Government Computer News at 29-4-2010)
The Office of Management and Budget's Office of Information and Regulatory Affairs could make a decision by next month on whether federal agencies can use persistent cookies on their Web sites, an issue that has drawn criticism amid concerns of privacy. “One of the biggest issues we are going to confront as a society is digital privacy and we want to make sure that we are doing so in a responsible way and not making any rash decisions,” Vivek Kundra, federal chief information officer, told a ... read more»





Agency IT gets greener with promotional carbon credits
(from Government Computer News at 29-4-2010)
Federal government agencies are benefitting from a program promoting green IT that allows agency information technology departments to purchase new data servers and receive offsetting carbon emissions credits. More than a dozen federal agencies—including the Energy, Justice, and Commerce departments, as well as the Navy—have taken part in the program, which is expected to save the government more than $4.2 million over the next five years and nearly 24,000 metric tons of carbon dioxide (CO2).... read more»





China set to tighten state-secrets law forcing Internet firms to inform on users
(from The Washington Post at 29-4-2010)
China is poised to strengthen a law requiring telecommunications and Internet companies to inform on customers who discuss state secrets, potentially forcing businesses to collaborate with the country's vast, dissent-stifling security apparatus. The move, reported Tuesday by state media, comes as China continues tightening controls on communications services. It follows a dispute over censorship that prompted Google last month to move its Chinese site to Hong Kong, which provides broader pro... read more»





New security breach notification rules expand security requirements
(from SearchSecurity at 29-4-2010)
Last August, the Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) issued complementary final rules mandating notification of breaches involving unsecured personal health information as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA). The two security breach notification rules dramatically expand data security compliance obligat... read more»





Three strategies for utility security
(from hostexploit at 29-4-2010)
Threats against power utilities in the United States have never been as real or diverse as they are today. Combating rising theft, vandalism and cyber assaults in today's economy is a challenge for power providers throughout the country. Utilities must also defend against the looming threat of terrorism, which holds catastrophic potential for damage. Multi-billion dollar economic losses are no longer the hypothetical scenario of a successful attack, but are expected even for short-term region... read more»





Latrobe teen gets 1 year of probation for hack
(from hostexploit at 29-4-2010)
A 17-year-old computer hacker from Latrobe who disabled a worldwide video gaming Internet site must serve one year on probation, perform 250 hours of community service and repay Sony Corp. $5,000. The sentencing order from Westmoreland County Judge John Driscoll for the 11th-grader at Greater Latrobe High School was obtained Wednesday by the Tribune-Review.... read more»





Australia is cheapest place for doing insecure business
(from hostexploit at 29-4-2010)
Those country results in full: - USA $6.75 million per breach, $204 per record - Germany $3.44 million per breach, $177 per record - UK $2.57 million per breach, $98 per record - France $2.53 per breach, $119 per record - Australia $1.83 million per breach, $114 per record... read more»





Mexicans to be fined $3 mn for selling confidential data
(from hostexploit at 29-4-2010)
Mexican people convicted of selling confidential personal data collected by the government will be fined up to $2.9 million and face five years in prison under a new bill passed by the parliament. The bill was passed by both houses of Mexico’s Congress Wednesday after a newspaper report said a data package comprised of national election rolls, vehicle registration records, and photo identities of police officers could be bought for $12,000 on the black market. Meanwhile, the Federal Institute... read more»





Russia dominating automated malware kit market
(from hostexploit at 29-4-2010)
Russia is dominating the market for automated Malware creation kits that are sold online to phishers and data thieves. A new report by M86 Security has found that the majority of new Malware creation kits, such as Adpack and Fragus, are being sold in Russian. The company said it had seen a big increase in the size and complexity of such kits, with more than a dozen launched in the last six months. Infecting 1,000 computers in the US for example would net the attacker $170, compared to $110... read more»





Experts Convene at INET San Francisco to Chart the Future of Internet Trust
(from hostexploit at 29-4-2010)
A panel of leading Internet experts will explore key challenges facing critical Internet infrastructure and services, such as the Domain Name System and email, at the INET San Francisco conference at the San Francisco Hilton Hotel on 7 May 2010. The conference, part of the Internet Society’s global series of regional INET conferences, is organized in conjunction with the San Francisco Bay Area Internet Society Chapter. The event follows the Web 2.0 Expo in San Francisco focused on Web-based t... read more»





Severed Undersea Internet Cable to Disrupt Service in India
(from hostexploit at 29-4-2010)
With Internet access being ubiquitous in some parts of the world, it’s easy to forget just how fragile the entire system is. A major undersea communications cable, SEA-ME-WE 4, linking Europe, the Middle East and South Asia was severed a couple of weeks ago and, as repairs drag on, more regions are feeling the hit. Several countries in the Middle East have been struggling with slow Internet and connection problems and it looks like India and other countries near it will be next. Internet user... read more»





Aggressive IP enforcement is a must
(from hostexploit at 29-4-2010)
The Department of Justice announced on April 26 the creation of 15 new assistant U.S. attorney positions to combat intellectual property crime. These new positions will be part of the Department's Computer Hacking and Intellectual Property program, which includes a network of more than 200 specially trained federal prosecutors who aggressively pursue high-tech crime, including computer crime and intellectual property offenses, and who work closely with the Criminal Division's computer crime and ... read more»





Data Breaches Cost U.S. Companies More Than Others
(from eSecurity Planet at 29-4-2010)
According to the report, the total cost of a data breach in the United States averages $6.75 million, compared to $3.44 million in Germany, $2.57 million in the UK, $2.53 million in France and $1.83 million in Australia. Almost half of the costs absorbed by companies in all the countries were directly related to the cost of lost business, with the U.S. checking in atop the list at 66 percent. The study also found that 35 percent of all breaches involved outsourcing to third-parties, and an... read more»





Microsoft Sees Infected PC Numbers Climbing
(from eSecurity Planet at 29-4-2010)
According to Microsoft's data, the largest increases of infected and cleaned PCs came in the U.S., which jumped 10.1 percent from the previous period, China, which rose by 19.1 percent, and Brazil, which gained 15.8 percent. In the U.S., for instance, Microsoft caught 15.4 million infected PCs in the latest period as opposed to 14 million during the first half of 2009. By comparison, PCs in China accounted for 3.3 million cleaned infections in the most recent report, up from 2.8 million in th... read more»





Gulf oil leak from rig explosion puts more than 400 species in potential harm's way
(from Nola at 29-4-2010)
Advocates for preserving Louisiana's battered coastal ecosystem are sometimes accused of hyperbole in assessing its diversity and productivity. But that criticism may end after the list of species coastal scientists said are threatened by the oil spill moving toward the coast reached more than 400.... read more»





Phishing Alert - UK Students Under Scam Attack
(from Symantec at 29-4-2010)
During the past month, scammers have been targeting students by phishing a brand that belongs to the UK government. The legitimate brand provides information and services for government organizations to UK citizens. Students who are seeking financial services for their higher education can apply on this brand’s website. The website requires customers to open an account to access any of the services. An account helps to keep track of all payment transactions. The phishing website that targeted... read more»





Cost of cybercrime to businesses doubles
(from ComputerWeekly at 29-4-2010)
The cost of cybercrime to businesses has doubled to more than £10bn over the past two years, research to be released today will reveal. The survey by professional services firm PwC reveals that 92% of businesses have experienced security incidents over the past year ranging from hacking attacks to accidental leaks of data. Each incident costs businesses between £280,000 and £690,000 to remedy - a significant increase from £90,000-£170,000 in 2008.... read more»





Organizations Not Focusing Enough on Web App Security, Survey Finds
(from EWeek at 29-4-2010)
A survey of 638 IT pros suggests many organizations aren't taking Web application security as seriously as they should be. The survey, performed by the Ponemon Institute and commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt their organizations do not allocate sufficient resources to secure critical Web applications. Some 73 percent said their senior executives were not strong supporters of Web app security efforts, and 71 percent said their organizat... read more»





Can switching to Linux protect your online identity?
(from ZDNet at 29-4-2010)
My ZDNet blogging colleague Jason Perlow has switched his systems over to Linux after his Facebook account was compromised. Can plucky “Tux the Penguin” protect Perlow’s digital kingdom? Sadly, I don’t think so . Now, if someone feels that switching to Linux makes them feel safer, then that’s as good a starting point as any. When it comes to operating systems I’m an agnostic, and see the OS as a platform or a tool, as opposed to a religion or a sports team I have to get behind. With more and ... read more»





The domination of ransomware threats
(from SecurityPark at 29-4-2010)
According to Fortinet's March 2010 Threatscape report, nine of the detections in the malware top ten list resulting in either scareware or ransomware infesting the victim's PC. Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet “loaders”: Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard’s top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of t... read more»





When You Think You Surf Anonymously But You Don’t
(from abuse at 29-4-2010)
Many companies, military- and governmental-networks have banned social networking sites like Facebook, Twitter, MySpace &Co from their networks. For instance in August 2009 the U.S. Marine corps just banned Social Networking Sites (SNS) from their classified network (called MARINE CORPS ENTERPRISE NETWORK). Of course USMC is not the only organistion who banned Social Networking Sites from their network – there are many other companies and governments out there which followed the ban at the US... read more»





I Love You On Our 10th Anniversary
(from PCmag at 29-4-2010)
10 years ago this coming week an important and unpleasant event occurred: The ILOVEYOU virus. It was, at the time, the biggest malware event ever, and inspired a generation of script kiddies and greedy, sociopathic programmers. I asked Dave Perry of Trend Micro, an old pro in the field, about the lessons of the Love Letter.... read more»





What do you call people who disclose vulnerabilities irresponsibly?
(from SunbeltBlog at 29-4-2010)
Is it just my perception or are there a diminishing number of good rants on the Internet? “Admin” on the Verizon Security Blog posted a really great one last week that deserves comment. “Admin” is David Kennedy who has been with the research group(s) of NCSA/ICSA/Verizon Business for about 15 years. I worked for him. He took the literary form of the rant to levels that have only rarely been reached in the history of human thought. His rants were so awe inspiring that we began documenting the... read more»





The 3 Most Common Types of PC Virus Infections
(from livescience at 29-4-2010)
Web security and the vexing problem of malicious software made headlines again last week when computer antivirus software maker McAfee sent out a botched update that crashed thousands of computers around the world. Such hiccups in computer security software are rare. What isn't rare is the damage caused by the malicious software known as malware that antivirus software is designed to thwart. Last year hackers stole approximately 130 million credit card numbers, according to an Internet Secur... read more»





Organisational change and IT
(from The Register at 29-4-2010)
It is great to theorise about all the good things IT can bring. Indeed, a fortunate few have that as their jobs. Just imagine what life would be like, for example, if it were possible to provision virtual servers on the fly, or provide real-time business intelligence tools to everyone who needed them, or implement management systems that really did know about everything in the IT environment. How easy everything could be. The reason such things don’t always work is sometimes down to the compl... read more»





Google exec privacy convictions 'based on legal error'
(from The Register at 29-4-2010)
The Italian court which sentenced three Google executives to a suspended jail term made a legal error, according to an Italian legal expert who has studied the judgment (pdf, in Italian). Elvira Berlingieri told OUT-LAW that Google was likely to win any appeal. Three Google executives were sentenced under Italy's privacy laws over the posting on Google Video of a clip showing a child with autism being bullied by other children.... read more»





San Francisco's 'network kidnapper' found guilty
(from h-online at 29-4-2010)
On Tuesday, the network administrator who, in the summer of 2008, made headlines worldwide for manipulating central components of the city's communications network so that only he had access, was found guilty. After four months of proceedings, which included testimony from the city's mayor Gavin Newsom, the jury at the Superior Court of California concluded that the IT expert's actions did indeed constitute a crime. Terry Childs now faces up to five years in jail because the damage he caused ex... read more»





Want to learn about voice biometrics? Attend Voice Biometrics Conf – May 4-5, 2010 – NY City area
(from Voipsa at 29-4-2010)
Want to find out how people are using it for voice authentication, identification and more? If so, consider attending the Voice Biometrics Conference taking place next week, May 4th and 5th, in the New York City area. It’s got a packed agenda and a great list of speakers who really represent the leading edge of what people are doing with voice biometrics. (And yes, I’m one of the speakers and yes, my employer Voxeo is one of the sponsors of the event.)... read more»





Voice Biometrics Conference New York 2010
(from voicebiocon at 29-4-2010)
Opus Research is proud to present Voice Biometrics Conference New York 2010 showcasing voice biometrics solutions to support financial services, contact centers, customer care, mobile payments, healthcare and government services. VBC New York 2010 will bring together the experts, technology providers and implementers that are defining the applications and approaches that take advantage of the fact that each person's voice is a unique and unobtrusive identifier, like a fingerprint. Deployment ... read more»





Web politics: The honeymoon is over
(from The Register at 29-4-2010)
Parallel moves in Canada and the US may signal the end of the honeymoon for web-based political campaigning - or change it beyond recognition. Politicians are becoming increasingly familiar with sudden squalls of email filling up their inboxes, and policy makers with responses to public consultations arriving via a web intermediary. But not surprisingly many of these can be phoney, inflating the true size of what purports to be "grassroots" campaign.... read more»





Vulnerability trading markets and you
(from lcamtuf at 29-4-2010)
There is something interesting going on in the security industry: we are witnessing the rapid emergence of vulnerability trading markets. Hundreds of security researchers now routinely sell exploits to intermediaries for an easy profit , instead of talking to the vendors or announcing their findings publicly; these intermediaries in turn sell the knowledge to unspecified end users, most likely at several times the original price tag. Some intermediaries may eventually release the information... read more»





In the security of mobile devices we trust, say users
(from Net-Security at 29-4-2010)
The majority of mobile device users worldwide feel safe using their mobile devices for applications, including access online banking, according to research by Unisys. The latest wave of the bi-annual Unisys Security Index found that the overwhelming majority of mobile device users in the United States (83%), Spain (80%) and the United Kingdom (75%) said they would be comfortable using the devices for one or more of the applications. Additionally, about half of device users from the Netherland... read more»





Cyber Security 2010: Bringing Together Governments, International Organisations and Private Companies to Address the Cyber Threat
(from internationalcybersec at 29-4-2010)
The attacks against Estonia and Georgia in 2007 and 2008 respectively have rapidly accelerated the development of Cyber Defence. Cyber Security is now a top government priority as can be seen by the fact that President Obama has publicly stated that Cyber Security is now a “national security priority” while the House of Lords have published a report into the need for Cyber Defence to be improved globally. The need for improved Cyber Defence is due to the fact that critical infrastructure i... read more»





ID programme faces first challenge over privacy, data
(from livemint at 29-4-2010)
In the first significant challenge to the government’s ambitious programme to give more than one billion Indians a unique identification number, a group of NGOs (non-governmental organizations) are planning to take the government to court over a range of issues, including concerns over privacy and the safety of information.... read more»





M86 Security Labs Report - Web Exploits: There’s an App for That
(from m86security at 29-4-2010)
In the last few years M86 Security Labs has seen a dramatic increase in attack or exploit kits. These easy-to-use kits are the backbone of exploits in the “wild”. M86 Security Labs research reviews how exploit kits are developed, distributed and monetized globally. The turnover of exploits is quick. The success rate is high. And, all of this for very minimal cost for the exploit kit users and operators. The details in this report will provide a fundamental understanding of how exploits operate a... read more»





Symantec Announces April 2010 MessageLabs Intelligence Report
(from hostexploit at 29-4-2010)
Symantec Corp. announced the publication of its April 2010 MessageLabs Intelligence Report. Analysis reveals that Rustock has surpassed Cutwail as the biggest botnet both in terms of the amount of spam it sends and the amount of active bots under its control. While Rustock has reduced the output of individual bots by 65 percent, it has increased the number of active bots by 300 percent, making up for the decreased output. Meanwhile, Cutwail has reduced in size to 600,000 bots down from 2 mil... read more»





EU to establish cybercrime agency
(from EurActiv at 29-4-2010)
EU ministers have asked the European Commission to assess whether it should set up a centralised agency on tackling cybercrime to prevent online fraud and child pxxxography. On Monday (27 April) EU ministers meeting in Luxembourg asked the European Commission to "assess the feasibility" of setting up a single centre on cybercrime to pool member states' efforts and resources to fight Internet crime.... read more»





TechCrunch Hacker Identified: You Decide If We Press Charges
(from TechCrunch at 29-4-2010)
Remember that hacking incident we had back in January? TechCrunch.com was defaced twice over a two day period and was redirecting for part of that time to a third party site. We got through the event and mostly put it behind us. But recently Garda (Ireland’s national police force) and the U.S. Secret Service have been in touch with us because they think they found our man. He’s a suspect in another case and evidence strongly suggesting he was the TechCrunch hacker as well came to their attent... read more»





Brain games don't make you smarter
(from The Sydney Morning Herald at 29-4-2010)
People playing computer games to train their brains might as well be playing Super Mario, new research suggests. In a six-week study, experts found people who played online games designed to improve their cognitive skills didn't get any smarter. Researchers recruited participants from viewers of the BBC's science show Bang Goes the Theory. More than 8,600 people aged 18 to 60 were asked to play online brain games designed by the researchers to improve their memory, reasoning and other skills ... read more»





Wikipedia rejects child pxxx accusation
(from The Sydney Morning Herald at 29-4-2010)
Wikipedia has strongly rejected its departed co-founder's accusation that the online encyclopedia served up child pxxxography. "Our community abhors issues around pxxxography and pedophilia and they don't want to provide opportunities for these things to take place," Wikipedia spokesman Jay Walsh said. "We don't have material we would deem to be illegal. If we did, we would remove it."... read more»





Australians take to mobile internet
(from The Sydney Morning Herald at 29-4-2010)
Nearly half of all Australian mobile phone users now own an internet-capable phone, but only a third accesses the web regularly on them, according to new research by The Nielsen Company. Australians’ ownership of internet phones now sits at 43 per cent, with 29 per cent regularly using it to search, email, find maps and to share their lives on Facebook, Twitter and MySpace. Even though people have an internet-enabled handset, some people aren't necessarily using it. According to Nielsen's onl... read more»





CIA Boosting Cybersecurity Investment
(from Information Week at 29-4-2010)
The CIA has made investing in technology to prevent and fight cyber threats as one of its three main priorities in a five-year strategic plan unveiled this week. The move is in line with a government-wide ramp-up in cybersecurity efforts across all agencies that have responsibility for protecting critical infrastructure in the United States, such as the Department of Homeland Security and the National Security Agency.... read more»





Detica warns that the 'over-sharing online generation' of office workers are putting organisations' data at risk
(from detica at 29-4-2010)
Detica warns UK businesses that one of the greatest threats to their data is actually inside their own four walls from careless and ill-trained employees. The financial penalty for breaching the Data Protection Act (1998) recently increased a hundred fold, so businesses, now more than ever, need to take their data security seriously. Detica believes there is a three-pronged threat to personal data held by businesses from both outside and inside the organisation - maliciously entrepreneurial ... read more»





Militants using international credit cards for operations
(from Sify at 29-4-2010)
Terrorists, sleeper cells and terror suspects have been using international credit cards to fund their operations in India, Parliament was told on Tuesday. "As per available reports, instances have come to notice regarding use of international credit cards by terrorists in India," Minister of State for Home Affairs Ajay Maken informed the Lok Sabha in a written reply. "Similarly, espionage agents in India have come to notice for using cards issued by the foreign banks," he said. Maken said th... read more»





Palin email witness decries 'dog and pony' prosecution
(from The Register at 29-4-2010)
A witness who testified against the man accused of breaching Sarah Palin's Yahoo! Mail account has criticized federal prosecutors for distorting the facts in an attempt to score legal points. Gabriel Ramuglia said the episode left him so disenchanted that he's changing the logging policy for Ctunnel.com, the anonymity proxy used to access Palin's Yahoo account while she was running for vice president in 2008. Before, he collected the IP address of each user along with the time and address of ... read more»





Infosec surfs in on self-propagating scaremongering
(from The Register at 29-4-2010)
Infosec, the annual IT security trade show, has always been a place to do deals rather than to unveil new research or make significant product announcements. Over the years the conference has attracted a steady stream of high-profile speakers - last year former Home Secretary David Blunkett featured in the line-up. With the general election just days away it's understandable that no politicians made the show this year. Air travel disruption precipitated by the Icelandic volcano meant that som... read more»





Google finds fake antivirus programs on the rise
(from NetworkWorld at 29-4-2010)
Fake antivirus software is becoming more prevalent on the Internet, with its creators using clever methods to fool users into installing the programs, according to a new report from Google. Google conducted a 13-month study looking at some 240 million Web pages. The company determined that 11,000 of those domains were involved in distributing fake antivirus programs, and that those kinds of program comprise 15 percent of the malicious software on the Web.... read more»

Disqus for ePayment News