Romanian Pleads Guilty In US Phishing Case Eighteen months after being indicted by a federal court, one of a group of seven Romanian citizens pleaded guilty to involvement in phishing bank details from people.
DNS Flaw Details Emerge Security pros have been urged to patch vulnerable DNS systems if they have not done so already.
Server Theft Trumps Server Hacking The brute force technique applied to physical goods long before it ever came up in the conversation about breaking passwords to gain access to resources.
Critical DNS Issue Threatens Internet No hyperbole, no joke. People familiar with a flaw in the domain name system sounded a sobering call to administrators everywhere to fix their systems.
Mozilla Patches Firefox 3 A fix for a vulnerability reported a few hours after the Firefox 3 Download Day opened began arriving on people's computers.
Oracle Troubled By Web Component Security The latest run of vulnerability fixes released by Oracle showed troubling trends with making services available with web-facing resources.
Unpatched Systems Survive Four Minutes Online The presence of a firewall helps, but without something blocking the path from automated probes to one's PC, its survivability declines rapidly.
Internet Cafes Threatened Ahead Of Olympics Throngs of visitors to China during the Summer Olympics will include many who want to check up on their email or other online resources. That could be a problem.
Swiss Slammed By Lots Of Spam Inboxes in the tiny European country picked up far more spam than anywhere else in the world during the month of June.
Microsoft Patch, ZoneAlarm Make PCs Too Secure A little incompatibility between a fix for the Windows Domain Name System and a popular firewall product caused the firewall's users to lose their Internet connections.
Get Ready: Windows XP SP3 On Tap Microsoft pegged July 10th at 1 pm EDT as the release date and time for the third service pack for the Windows XP operating system.
Fortune 500 Lacking In Email Validation One vendor claimed some 60 percent of the Fortune 500 do not use methods of qualifying outgoing email, which could leave them open to being spoofed by forgers.
Google Discovers Privacy "Privacy" became part of Google's home page just before the 4th of July. You're forgiven if you missed the switch.
Google Open-Sources Ratproxy Security Tool An internally-used web application security assessment tool called ratproxy gained broader availability with Google's decision to release it publicly.
Software Should Be Like Food Researchers of web browser security suggested a "best before" approach to informing people their software may not be so fresh any longer.
Feds Slowly Improving In Computer Security Federal Information Security Management Act (FISMA) requirements pile on the paperwork for agencies, but the demands of the Act have made a positive impact in computer security.
Canned Air Helped Beat Encrypted Hard Drives Sure the custom software had something to do with it, but some students at Princeton also found that compressed air enabled an unlikely crack.
ICANN, IANA, Fall Prey To Hacks Turkish hackers believed responsible for shenanigans with image site Photobucket.com's domain earlier in June struck at two major domains that hold responsibilities affecting the entire Internet.
Microsoft, Google Endorse Health Records Standard The two big tech companies joined with a variety of insurers and consumer groups in backing standards governing the privacy and accessibility of health information online.
HP Writes Scrawlr For SQL Injection Detection A recent spate of thousands of SQL injection attacks across the Internet created the need for a tool to diagnose a website's potential vulnerability to them.
Judge, Jury, And Google Trends A Florida trial will serve as the venue for an interesting defense: determining if searching for adult content is mainstream enough to get a defendant out of an obscenity charge.
Early Russert Wikipedia Update Leads To Firing Securing confidential trade secrets poses one challenge to security pros, but the spread of private inside chatter via the Internet makes for an impossible task.
Mozilla Sees Little Risk In Firefox 3 Flaw A vulnerability affecting both the latest version of the Firefox browser as well as the previous one, Firefox 2, poses minimal concerns for users according to Mozilla.
Instant Worm Creation Software Hits The Web A point and click interface for turning .exe files into self-replicating worms makes malware creation an easy prospect for attackers.
Router Attacks Witnessed In The Wild A variant of the Zlob Trojan may be carrying an exploit against routers, subjecting them to brute force attacks against login procedures.
Spammers Shield Junk With Google Docs Another tool in the arsenal of spammers comes courtesy of a well-meaning service from Google.
Universities Show Little Control Over Personal Data Columbia and the University of Florida are two of the latest schools with personally identifiable information about their students posted by the thousands online.
Voice Phishing Rising In Threat Vishing, or voice over Internet Protocol phishing, attempts to steal information from people via the phone rather than the computer.
Once Again, China Implicated In Computer Espionage At the highest levels of government in the United States, some Congressmen believe attackers from China infiltrated their computers.
Microsoft Closes Critical Bluetooth Flaw The monthly updates from Microsoft brought a few Critical repairs to its customers; one fix corrected a remotely executable vulnerability in the Bluetooth stack.
Microsoft Sues Repeat Offenders Over Piracy Sellers of counterfeit software continue to bedevil Microsoft, as the company announced a new series of lawsuits against sellers of pirated versions of Windows.
Economy, IRS Figure In May Spam The monthly look at the State of Spam by security vendor Symantec found the usual efforts to take advantage of current events by spammers.
4Chan Stadium Threat Hoaxer Sentenced An ex-grocery clerk in Wisconsin who repeatedly posted threats of stadium bombings to a website will spend six months in jail.
Romania, Hong Kong Top List Of Dangerous TLDs Whatever the reason, .ro domains figured prominently in a look at where the most dangerous sites on the Internet reside.
Walter Reed Medical Suffers Data Breach File sharing blamed for compromise that may have exposed patient data from the military health system to an outsider.
Gutierrez Possible Victim Of Chinese Cyber Spying Whispers about a potential malware compromise of computers used by Commerce Secretary Carlos Gutierrez during a trip to China raise suspicions in Washington.
Unlocking The Security Of Locks Hackers at New York's 'The Last HOPE' conference in July plan to discuss security of a different sort: the humble, physical lock.
TJX Dinged Over Security-Related Firing A former employee of TJX, which suffered one of the hugest security breaches and exposures of consumer information in recorded history, claimed he had been fired for whistleblowing the company's practices.
Dell Slapped In NY Fraud Case New York's Attorney General Andrew Cuomo won big against the computer maker, with Dell accused of numerous unsavory business practices regarding its financial and tech support offerings.
Aussie Telco Hands Out Infected USB Drives A little perk delivered to AusCERT attendees by national telco Telstra contained a little something extra besides their storage capability.
Woops: Oklahoma Auctions Tax Data-Loaded Drive A computer labeled as coming from the Oklahoma Tax Commission ended up in an auction with personally identifiable information, including Social Security numbers, intact and unencrypted.
White House Parody Site Pranked With Malware A malicious bit of code injection into whitehouse.org poses a concern because some people don't realize the authentic White House site is at whitehouse.gov.
Terrorism Courts The Web A Senate Committee isn't happy with the way terrorist groups embraced online video and the web browser as a recruitment tool.
Chinese Sites Hit With Script Injections A malware attack using a Javascript injection to exploit several old flaws targeted over 327,000 sites in Asia.
Apple's Odd Attitude About Safari The hallmark of Apple's products makes them work as invisibly as possible for their users. In the case of the Safari web browser, it downloads items without letting people know it's happening.
Rumor: Cisco Rootkit Coming To EuSecWest A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.
Microsoft Fixes Long-Standing MDB Flaw Remote code execution vulnerabilities received attention from Microsoft in its most recent edition of Patch Tuesday updates; one has been publicly known for seven months.
America's Botnet Needed, Says AF Colonel An Air Force colonel's suggestion that America needs a botnet provokes a strange idea: that the military and intelligence communities don't have one now.
Gas Savings Spam Fills Inboxes The inevitable attention of spammers turned to soaring gas prices, with one set of junk messages promising a way to save at the pump.
Google Expands Enterprise Web Security Security vendors had a stealth competitor enter the marketplace when Google announced it would offer a product that provides web security; Google recently extended security coverage to roaming enterprise users.
Utilities At Risk Over Network Security Utilities' legacy systems receive updates to allow centralized management of their resources over a computer network. Convenient? Sure. Safe? Questionable.
Trojan Plaguing File Sharing Networks A massive outbreak of malware began hitting media swappers hundreds of thousands of times nearly a week ago.
EFF Wonders About Digital Music Rights The disclosure by Microsoft that they will disable license servers and eliminate the ability for MSN Music customers to listen to music purchased from the service on new computers drove the Electronic Frontier Foundation to cry foul.
India Cites Ongoing Chinese Cyber Attacks A year and a half of electronic warfare against public and private network resources in India has been traced back to a variety of attacks and antagonists in China.
McAfee Digests Spam Experiment The 30-day challenge to run an unprotected computer and surf the Internet while filling out every form and answering every spam ended with the reinforcement of a lesson: nothing comes for free.
Storm Botnet Subsides Something new may be on tap to replace Storm as the big botnet pest, as its size decreased substantially in April.
Forgery Spam Still Hammering Inboxes Junk mailings touting all kinds of products, including steeply discounted luxury item knockoffs, pose threats beyond dodgy products.
Israeli Private Eyes Stole Corporate Secrets A private investigation firm made use of spyware to pilfer secrets from companies in Israel; four of their staffers received criminal sentences.
iPhone Gains VPN Boost With Check Point VPN-1 support from security vendor Check Point for Apple's iPhone arrived as the glitzy gadget continues to gain fans from enterprise users.
Microsoft Patch Process Called Security Risk Patch Tuesday could be Exploit Tuesday if malicious hackers escalate the rate at which they reverse engineer security patches.
SQL Injections Hitting Thousands Of Sites The dynamic capabilities of websites powered by back-end databases made thousands of them targets for injections of unsanitized code.
Baker College Takes Cyber Defense Crown The 3rd annual National Collegiate Cyber Defense Competition (CCDC) featured teams of students working to be the best at defending a business network from threats.
More ISPs Quietly Interfere With P2P Comcast serves as the most visible target for Internet users' anger over tampering with BitTorrent and other peer to peer traffic, but the issue may extend beyond them to other Internet service providers.
Microsoft Won't Sue Over Legitimate Flaw Discovery Security researchers do not want to end up being arrested or sued for pointing out problems on a website, and Microsoft would rather know the awful truth than prosecute.
eBay Has Its Romanian Hacker An arrest in Budapest turned up one Vlad Constantin Duiculescu, aka Vladuz, a thorn in the side of the online marketplace.
Google Touts Malware Fight, Skips Real Question The ongoing battle against malware brought plenty of good guys to the fight, but Google's latest discussion of its role leaves out a key question.
Mozilla Fixes Critical Firefox JavaScript Issue Garbage collection in the Firefox JavaScript engine caused browser crashes for some people.
Oracle Issues Critical Product Fixes Patches for the Oracle database and other products arrived as part of the company's quarterly fix cycle.
US District Court Spoofed By Malware Criminals A wave of phishing spam tries to fake out recipients by spoofing a subpoena from a US District Court.
Google Builds Tools To Fight Child Porn An ongoing effort with the National Center for Missing & Exploited Children (NCMEC) by Google produced video tools for use in finding exploitative images and videos.
Old Mistakes Cause New Security Problems The more things change, the more developers keep making the same mistakes, leading to exploits and other problems for visitors.
PayPal Calls For Partnerships Against Phishing One of the most popular phishing targets on the Internet wants to thwart criminals, but needs a lot of help to do so.
Should We Know Where To Find Google? A publication recently put out a list of Google's datacenters by city; though it's interesting to us, Google probably has good reasons for not appreciating it.
Damballa Responds To Kraken Criticisms Security researchers at Damballa who discussed a big new botnet received lots of pushback from the security community.
Microsoft Patches Crack Down On Drive-Bys Malicious websites could exploit unpatched components in Internet Explorer and other Microsoft technologies.
Kraken Exceeds Storm Botnet In Size A new headache for security pros from the Fortune 500 on down emerged in accounts of a wider-reaching botnet called Kraken.
Online Criminals Outsource Their Work A study by security vendor Finjan suggested a trend in criminal behavior has them farming work out to established rings with a technology infrastructure in place.
EU: 18 Months Too Long To Keep Search Data The Article 29 Data Protection Working Party in Europe wants search engines to commit to a much shorter period of data retention than they enjoy today.
Google Street View Becomes Driveway View While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway.
Google Dinged Over SEO Poisoning The search optimization poisoning attacks against dozens of websites continue their onslaught, with infected search results showing up in Google.
Identity Info Breaches Hitting Everywhere In 2008 Commercial businesses, colleges and universities, government offices, and medical facilities of varying sizes share the common label of being hit by identity thieves.
Another Young Cyber Criminal Eludes Jail Botnet runner Owen Walker, aka AKILL and other names, committed and profited from his role in a gang that infected over a million computers, but did so under the age of 18.
RealPlayer, QuickTime Get Urgent Updates Fixes for both products emerged to counter threats against vulnerabilities in these popular multimedia applications.
Hannaford Grocery Breached With Malware The introduction of malware into the grocery chain's network allowed outsiders to grab credit card information as it traveled from the point-of-sale to the company's back end systems.
IBM Banned From New Government Contracts An ongoing dispute with the Environmental Protection Agency led to the EPA, and all government agencies by extension, banning IBM from receiving new contracts and other federal business.
Advance Auto Parts Compromised For Card Data People who used credit or debit cards at one of 14 locations identified by Advance Auto Parts may have had that information accessed via a network breach.
Virgin Media To Strike Out Music Downloaders The British ISP plans to obey the will of the music industry by warning and shutting off accounts for individuals accused of illicit file sharing.
McAfee Feeding Volunteers Spam For A Month Fifty global volunteers armed with clean laptops and new email addresses will spend 30 days exploring the Internet while unprotected from its threats.
Euro 2008 Ticket Reseller Infecting Site Visitors It appears another code injection attack at a site reselling tickets for the Euro 2008 soccer matches put visitors at risk of a drive-by infection.
IM, P2P Attacks Persist, Pose Low Risk The immediacy of someone potentially clicking on a malicious link delivered by instant messenger or a peer to peer network conversely makes these attacks a low risk.
SafeCentral Locks Down Online Transactions Authentium's Virtual ATM concept reemerged as a secure desktop-to-web application called SafeCentral, which looks like an ideal choice to prevent identity theft.
Porn, Viagra Ads Hawk Fake Security Software A case in Washington state concerns a man using bogus security software to spam other computers via a Windows service.
NSA End Run Gave It Total Information Awareness When Congress ended funding for TIA in 2003, the Bush Administration simply packed up the pieces and sent them to the National Security Agency.
Microsoft Admits Ignoring Jet Flaw Security engineers at Microsoft ignored addressing this latest exploit for years, as they believed existing protections mitigated the threat.
Canadian Privacy, US Laws, And Google
Google AdWords Phish In The Wild Don't get reeled in by this one if you are a Google AdWords client: a new stream of phishing emails aimed at you has been hitting inboxes.
Sequoia Voting Thwarts New Jersey Investigation Discrepancies in the vote recording by machines provided by Sequoia Voting Systems for the New Jersey primary spurred calls for an investigation, one that Sequoia fought off with legal threats.
Government Digital Security Leaks, We Bleed A glacial readjustment of security priorities from the evil-outsider model to the accidental internal leaker of data leaves federal resources playing a frantic game of catch-up.
Justice Catching Up To Spammers Daniel Mascia and Robert Soloway face federal penalties for their spamming, while Robert Bentley awaits a decision on leniency in exchange for his help in tracking down botnetters.
Software Spotlighted Spitzer Shenanigans The US Government hates money laundering and anything that might indicate someone trying to evade taxes, or worse, fund terrorist activity.
Grocery Chain Bagged By Online Criminals As many as 4.2 million credit card numbers were exposed during a security breach lasting several months at East Coast grocer Hannaford Bros.
Berners-Lee: Protect Consumers From Online Tracking