 |
 |
 |
|
| John Stith > |
|
Google Gets A Win Against DOJ A federal court ruled Friday in favor of Google, protecting their ability to keep their searches private. The Justice Dept. requested information they claimed would help them in protecting an antipornography law currently being challenged in the court system.
Clagger K Trojan Bucking For Amazon Users The ever-popular world of Trojans has another horse for the stable in the form of the Troj/Clagger-K, currently being distributed as an attachment. The email claims to come from Amazon and says the recipient will be debited over $500.
Microsoft Gunning For Cybercriminals At a technology debate hosted by EuroISPA, the European Internet Services Providers Association, and co-sponsored by Interpol in Brussels today, Neil Holloway, president of Microsoft Europe, Middle East and Africa (EMEA), unveiled a global law enforcement campaign that will target cybercriminals behind phishing attacks.
House Slated to Pass Data Breach Bill The Financial Data and Protection Act of 2005 (HB3997) currently in the House of Representatives has some problems. The bill, supposedly meant to offer relief for consumers who've been victims of data breaches, is really very weak, particularly compared states laws like California's version. In fact, some may say it offers consumers even less protection than they have now.
British Want Backdoor Closed On Joint Strike Fighter The British government expressed disdain with the United States over the Joint Strike Fighter (JSF), or more specifically, the software code. They claim the U.S. had manufacturers put in a backdoor code in them to control the jets.
Zippo Trojan Choose Extortion For $300 A new virus called the Zippo Trojan is floating about the net and is demanding $300 to unencrypt data it claims to have stolen and encrypted. The Trojan goes through a user's files and moves them into a password protected zip file.
Microsoft’s New BlueHat Security Blog Microsoft's just completed their third BlueHat conference and they've created a blog, called "BlueHat Security Briefings," to discuss topics from the conference as well as get thoughts and ideas from those attending. The blog will also include a lot of information from Channel 9 and other Microsoft venues for purposes of their Blue Hat conferences.
Microsoft Goes After Online Seller Pirates The wizards in Redmond launched an attack against Internet pirates selling their wares on online auction sites like eBay. The attack takes the form of eight lawsuits against sellers moving counterfeit Microsoft product, utilizing eBay auction.
Milosevic Trojan Horse Recently deceased Serbian strongman Slobodan Milosevic became the focus of a Trojan loaded email. The message claims evidence Milosevic was killed and instead a Trojan horse leaves some horse apples in the form of Dropper-FB.
Feds Crack Internet Child Porn Ring Attorney General Alberto Gonzalez held a press conference in Chicago on Wednesday to announce the cracking of a child pornography ring. In all, 27 people in the United State, Canada, Australia and England were charged in connection with the ring.
Critical Vulnerabilities In Flash Macromedia's Flash Player has been tagged with some vulnerabilities that could allow attackers to take control of an affected system. Although an SWF must be loaded into the system for someone to take it over, mistakes are made. Macromedia recommends users to upgrade immediately.
RFID Tags Vulnerable To Viruses A new study, released in Europe shows it's possible to put viruses in the tags containing RFID chips. The little radio identification tags will soon be in more and more products and tracking all kinds of things and now, it seems they will be loaded with viruses too.
Liberty Alliance Sees 1 Billion Adopters In an ever expanding and interconnected business world, secure federated identities are absolutely important. Companies and individuals need reliable methods to maneuver through their networks safely. The Liberty Alliance developed a standard for interoperable federated identities and they expect to hit 1 billion identities by the end of the year.
60% Of Wireless Networks Vulnerable PandaLabs released their new report on Tuesday on the strengths and weaknesses of WiFi networks. They found about 60% of those networks are vulnerable and highlights deficiencies in WEP, one of the more common protocols in WiFi environments.
More Apple Security Updates Apple continues improvements on OS X security with the second update in as many weeks. The new update, released today, comes as Apple has received much scrutiny recently regarding the security of the operating system and its accompanying programs.
Microsoft’s Patch Tuesday Microsoft's monthly Patch Tuesday included an update rated critical, tied to Microsoft Office and one as important, tied to Windows itself. Users should go on and run the updates.
DirectRevenue Settles Up Adware distributor DirectRevenue settled up with Illinois over DirectRevenue's nasty adware that is incredibly difficult to get rid. The lawsuit, filed in April, included charges like using deceptive business practices and bundling adware and spyware.
CIA And The Internet: Now We Know The Central Intelligence Agency (CIA) must fight a new enemy in maintaining the secrecy of their undercover agents: the Internet. In an era of terrorism, the rules for covert operatives are changing, however the Internet makes remaining undercover extraordinarily difficult.
McAfee Messed Up Security software monster McAfee distributed a new virus definition list on Friday morning. The result was pandemonium as the list tagged a number of software programs, including Microsoft's Excel and lots of other applications. Fortunately for both consumer and enterprise antivirus users, they corrected the problem quickly.
Phishing Attacks From Chinese Bank Servers A major, state-owned bank in China runs a web server hosting phishing sites going after major U.S. banks and other institutions. These scams include both Chase Bank and eBay customers and started circulating on Saturday.
Holey Open Source Encryption In the realm of cyber security idiocy, many companies fail to encrypt their huge swathes of consumer data. Normally encrypting is a good thing. However, an open source encryption software program appears to have a problem. There's a security hole in it.
Webroot’s New Toy Webroot Software, Inc now offers a feature to their Premium Channel Edge partners in the form of their Webroot Enterprise SpyAudit tool. The tool can be used to evaluate customers' level of spyware risk.
Kaspersky Lends Malware Support to DeepNines Moscow-based Kaspersky Lab hooked up with Dallas-based DeepNines as they announced a technology partnership on Thursday that will integrate Kaspersky's antivirus and anti-spyware technology into DeepNines' Security Edge Platform.
Lockheed Takes Crack At FBI Computers Defense contractor Lockheed Martin won the job of upgrading the Federal Bureau of Investigation's (FBI) dated computer system. This isn't the first time a company has attempted this costly venture and many wonder if Lockheed is up to the task. Also under consideration is if the budget involved is up to the task after some conceivable estimates hitting $800 million.
Online Terrorist Communities Google's Orkut property seems to be a gathering place for sympathizers of terrorist groups like Al Qaeda. The online social community springing up to support Osama Bin Laden's efforts share videos and links to promote their cause, namely and recruit non-Arabic speaking westerners.
Idiot Watch: Porn Billing Blows Your Wad Online payment service iBill got hit with a money shot when the company managed to get hacked, having some 17 million names stolen. The names have already been circulating around the fraudster/spammer markets.
Google Gives Firefox AntiPhishing Line Firefox, in efforts to improve their own security, is getting a hand from the kids at Google. Google is working with Mozilla to build anti-phishing technology into the next release of Firefox, due out at the end of summer. The proposed phishing shield will be a major feature in Firefox 2.
Lipstick Causes Cancer? A new chain letter is floating around, claiming lipstick causes cancer. The email lists certain brands, suggesting they contain high doses of lead, leading to the horrific disease. Security companies are warning their customers not get suckered into such a thing and just delete the email.
Mac Crack Contest Killed One of the big controversies right now in security right now has been the ability to hack a Mac… or the lack thereof. A contest put together by a Mac guru to test that notion launched at the University of Wisconsin-Madison but it was pulled after 38 hours. How did Mac OS X do in those 38 hours.
Patch Tuesday Preview Thursday Microsoft posted their advanced notification for their upcoming monthly update cycle. There are two security updates, one receiving a critical rating and affecting Microsoft Office, the other an important rating and affects Windows. They're also updating the Malicious Software Removal Tool as usual.
Spam Love In February Spam levels continue to rise according to the latest statistics from Postini. They announced on Monday that spam and encryption volumes were on the rise, virus levels were normal and IM attacks were down in February.
Rogue AntiSpyware Distributes Spyware Rogue antispyware programs sometimes are the best products out there. They're not beholding to any other companies, they probably won't get sued, etc. Occasionally one comes along through causes as many problems as it solves. This time, it seems to be Spy-Shield.
Firefox Wins Over Internet Explorer in Vulnerability Numbers Mozilla Firefox, the current up and coming young browser on the block is creating no end of problems for Internet Explorer (IE) regarding vulnerability numbers. While this debate will continue to rage on, Symantec put together some pretty impressive numbers and they give Firefox the edge.
Stay-At-Home Mom And Porn Spammer A New Hampshire woman pleaded guilty in Arizona federal court and faces up to 15 years in the penitentiary for violations of the CAN SPAM Act, in the form of distributing pornographic spam.
IM Worms Get Smackdown On PCs The worms are everywhere and right now, one place they're coming from is instant messengers. Both Microsoft's and AOL's IM needed a good wormer to fix their problems. These worms are deleting files and hijacking computers. Not good.
Macs Being Badgered In Wisconsin A recent challenge from a Mac owner prompted hackers to come in and take control of his system. While the debate continues over the validity of that contest, the University of Wisconsin put out a challenge to see if, under standard, protected conditions, someone could get into the vaunted Mac.
Symantec Tracks Rise In CyberCrime Cupertino, California-based Symantec released its newest volume of their Internet Security Threat Report. Symantec notes in the report attacks continue to zero in on poaching personal information from PCs and that the notion of merely damaging and destroying data may be a thing of the past.
Married Couple Rides Trojan Horse Authorities in London extradited and Israeli couple from Tel Aviv and charged them with developing, marketing and distributing a trojan horse for use in corporate espionage. They sold the spyware to various investigators for use in spying on clients' rivals.
The Mac Attack Is On A Swedish Mac daddy threw down the gauntlet for hackers to come after his Mac Mini set up as a server on February 22nd. They promptly picked up the gauntlet and smacked him with it. The hacked happened inside of 30 minutes. Yep, the Mac is definitely safer than Windows.
Idiot Watch: Citibank Locks Down ATM Cards One of the largest banking chains in the world, Citibank ran a lockdown of ATM cards for customer traveling or otherwise in Canada, Europe or Russia. Apparently, the network had been hacked. Unfortunately, Citibank seems somewhat lacking as some reported Citibank failed to notify them before they used their card to attempt to retrieve money. Yep… the idiot watch sees something new.
Symantec and Hotbar Love Fest Mega-security software firm Symantec is tangling with marketing company Hotbar in a legal settlement defining Hotbar as "low-risk" adware. The settlement comes from a lawsuit filed by Symantec back in June to get a ruling supporting their position that Hotbar's programs that Hotbar software is adware.
Bagles Busting Chops In another recent, yet delightful development, SophosLabs discovered a new flavor of bagle for your computer's consumption. The W32/Bagle-DO worm began making its way through computers, threatening lawsuits against everyone who gets the email.
Idiot Watch: College Loses 93,000 Names Another "Idiot Watch" story, this time applies to an institution of higher learning. Metropolitan State College in Denver appears to have a problem hanging on vital information regarding its students. While a laptop stolen from a home couldn't necessarily be helped, the fact none of the pertinent information was encrypted could.
March: Fraud Prevention Month The Federal Trade Commission (FTC) and Canadian consumer protection agencies met on Wednesday in Ottawa to kick off Fraud Prevention Month. This is part of an ongoing international effort to raise public awareness of the dangers of fraud and then education the public on how to spot it and report it.
Security Core of Apple’s Update In response to recent holes pointed out in Apple's OS X operating system, the Cupertino kids released a security update patching some 20 holes. The update takes care of the problems from the concept codes as well other security problems.
F-Secure’s World Map Finnish security phenom F-Secure put their "view of the world" online with a map of known virus outbreaks around the world on Thursday. The F-Secure World Map will allow anyone checking in on the map to see the outbreaks real time, on a roughly one hour delay.
ProBlogger Got DoSed The blogging guru Darren Rowse had his blog, ProBlogger, pummeled by a denial-of-service (DoS) on Tuesday. Rowse acknowledged the assault on his blog on Wednesday morning. This is just another in recent trend of attacking bloggers.
Psyciatrist Suckered By 419 Scam The LA Times is reporting today on a prominent psychiatrist still teaching at UC-Irvine being taken in by Nigerian emails trying to set up phony business deals. Dr. Louis A. Gottschaly, 89, may have lost as much as $3 million dollars over the last 10 years according to charges from his son.
Vulnerabilities in Gmail A lad named Anthony, 14, claimed to have found a vulnerability in Google's email service, Gmail. According to his blog he found a problem with javascript running within the preview of the message.
SEC Slams “Paid Autosurf” Ponzi Scheme The Securities and Exchange Commission (SEC) filed charges against Charis Johnson, 33, of Charlotte, N.C. and her companies, 12dailypro and LifeClicks, LLC. According the SEC statement, the scheme took in 300,000 global investors and netted more than $50 million after promising a 44% return on the investment.
PayPal + Spamming+ Trojan= Clagger-H It looks like someone else came up with another way to irritate PayPal customers. The email warns users that their PayPal account has been "temporarily limited" because of a Trojan horse spammed out. All users have to do is open the attached file and if there are any issues contact them
Italian Government Goes After Gambling Italian ISPs railed against new restrictions on gambling sites put in place by the Italian government. The measures put in place as of February 24th imposes dimming of betting and gambling sites that aren't up-to-date with proper authorizations.
Looking For Mr. Goodmail Part 2 America Online claims they want to protect their customers from spam and other nasty things coming through the email. Everyone knows spam is a problem for sure. AOL's done a decent job of it so far. The problem is, now they're going to start charging emailers for the "privilege" of sending safe, secure emails to users who want it. But who's really going to benefit?
Hacker Defender Guru Yields Hacker Defender wasn't just A rootkit, it was THE rootkit for the longest time. The creator, called Holy_father, of said rootkit lowered his sword and yielded the way by taking down his antidetection service.
AOL Reels In Big Phishes America Online (AOL) filed suits in its home state of Virginia utilizing the first anti-phishing law in the country. The suits targets three international groups, charging they stole information from AOL users by sending malicious email in the guise of an "official" email from the company.
Oracle’s Early Security Patch Release: 11i Update Database monster Oracle released an out-of-cycle security patch with multiple fixes for what are considered high-risk vulnerabilities for their enterprise customers. The product in question relates to the Oracle Diagnostics troubleshooting feature of the E-Business Suite 11i and it comes as nearly two months ahead of schedule.
Politically Motivated Cyber Attacks On the Rise Politically motivated cyber attacks were on the rise in 2005 according to statistics released by Zone-H. The numbers of attacks from Jyhadi cyber hackers as well as the attacks of Chinese hackers on U.S. military sites figure into the study as well. The information shows the problem is only getting worse.
OS X In Hacker’s Gun Sites Recent debates over the safety of Mac OS X or the lack thereof have been traveling around the Internet. Loyal Mac folks chomp at the bit every time someone suggests their machine may be becoming unsafe but the reality is just that. The cold fact is Macs aren't as safe as they used to be and it's only going to get worse.
Idiot Watch II: Ernst & Young Data Breach Sometimes crass profanities are truly the best descriptors, though generally not acceptable in a professional world. Last week, software security firm McAfee said their accounting firm, big four member Deloitte & Touche, left a CD with lots of employee information on the plane. Another big four member, Ernst & Young, announced they lost information too.
Trojans For Java Using Mobiles Cybercriminals seem to be constantly expanding their scope. This time they're moving further into the mobile phone market, targeting phones that are Java application capable. A new Trojan called RedBrowser looks to be making the rounds now and while it is annoying, it's easily beatable.
IBM Bucks Microsoft’s Infocard IBM announced they are developing an open source initiative they call "Project Higgins" that will compete directly with Microsoft's recently announced Infocard. The purpose is to develop online identity management, giving people more control while protecting the relevant information.
Computer Security Awareness Video Contest The EDUCAUSE/ Internet2 Computer and Network Security Taskforce (NSTF) along with the National Cyber Security Alliance (NCSA) sponsored a video contest in order to teach people the dangers involved in cyber security.
Record Heist In UK Most features here regard cyber security and various issues surrounding it. This story is a story of a security breach not in the security world but at a security facility in Kent, UK. The heist, carried out during the cold early morning of February 22nd, hit a total of ₤53 million or $92 million, making it the largest cash robbery in British history.
McAfee Mauled By Deloitte And Touche It's always interesting to see one of the world's best-known security software firms be involved in its own identity fraud problems. This time it's tied to big four accounting firm Deloitte and Touche.
Michelle Malkin Hit By Jyhadi Cyberhackers Political columnist and blogger Michelle Malkin was the victim of denial of service (DoS) attack on Thursday after Turkish hackers knocked her site down. While the blog is back up and running, the problem of cyber attacks is still there.
Sophos Fixes False Positive Security software firm Sophos recently had a breakthrough announcement with the discovery of virus concepts related to the OS X operating system for Apple Macs. The cure they offered in the form of a security update looks to have been worse than the disease.
Will Consumer Data Legislation Really Help? Two weeks ago, Congressman Ed Markey (D-MA) proposed legislation designed to protect consumer data by forcing various companies to destroy the consumer information after a reasonable period of time. The big question is will it work?
CardSystems Solutions Redux: The Settlement The company CardSystems Solutions reached a settlement with the Federal Trade Commission (FTC). They were part of the ninth and largest financial data breach in history, compromising tens of millions of people's financial information.
Islamic Hacker Picked Up In France One of the latest trends in terrorism is to vandalize websites through defacement. Sites are hacked and various messages resembling cyber-graffiti will be left on the sites. On Tuesday, the Paris PJ arrested the Moroccan hacker known as Yanis in Metz.
2005 CyberStalking Statistics The cybercrime watchdog group, Working to Halt Online Abuse (WHOA) released their 2005. They're finding out some of the major harassers are white-collar folks including teachers, lawyers and businesspeople. It could even be your neighbor.
Microsoft Defensive Toward iDefense This had to dig in Microsoft's gut just a little bit. Security software company and division of Verisign, iDefense, announced last week they would offer a $10,000 bounty for vulnerabilities Microsoft classifies as "Critical." Perhaps this is a new sort of "viral marketing."
McAfee Rattles Photoshop Adobe, makers of wonderful software, including Photoshop, posted a bulletin regarding the image software. It seems a problem with McAfee VirusScan 8.0i crept up and it's affecting Photoshop CS2 dramatically.
OverPhishing Continues To Grow Phishing websites grew by leaps and bounds according to a new report by the Anti-Phishing Working Group. The number of phishing sites as well as the site that spread malware for password-stealing continued to proliferate in December 2005 and show no signs of getting any better.
Safari Shell-Shocked By Scripts Mac lovers are in a tizzy over the continued onslaught against their beloved Mac OS X. This time Safari is the victim as German website Heise reports on a security flaw in the browser. The option "Open ‘safe' files after downloading" in Safari seems to be doing the dirty deed and the groovy thing is it's activated by default.
Teen Bloggers Offer Too Much Information A new study of teen bloggers, aged 13 to 17, turned a lot of new and useful information about teen bloggers. Unfortunately, some of that information wasn't so good. Teenagers tend to open up on their online diaries and in so doing reveal all kinds of information like names, phone numbers and details of their life.
Chinese Hack Into Lineage South Korean network security firm GEOT blamed Chinese hackers for a massive hit, raiding private information from tens of thousands of people involved in the popular South Korean mmorpg known as "Lineage.
More Mac Viral Love: Inqtana F-Secure picked up on two more variants of the Inqtana worms. While the worms are extremely limited in their lifespan, they do show hackers are beginning to play with the code and more serious threats will be coming soon.
Big Mac Attack Debate Continues One of the hottest security issues running right now remains the Mac OS X virus discovered by Sophos last week. While some argue this OS X virus isn't cause for alarm or even something to be taken seriously, after reading the information, common sense would dictate otherwise.
New Mare Kicks At Linux Much attention is going to other viral issues on other operating systems right now. That doesn't mean operating systems like Linux don't feel the love because it does. The delightfully well-received Mare family of worms has yet another offspring and this one exploits a vulnerability in Mambo.
Apple’s Words of Wisdom It seems Apple has sent a warning to hackers. As the first viruses for the vaunted inherently more secure Mac OS X, Apple left messages sprinkled throughout their operating system for would-be hackers with pirating plans.
Mac OS X Viral Infections The Mac from Apple was long thought to be relatively safe from viruses and the like, but a new virus is worming its way through via iChat and it's doing a good job. That was yesterday. Another proof of concept worm appeared today. This one gets in through Bluetooth.
Another Company With Microsoft Anti-Spyware Problems Microsoft is a mixed bag for many regarding cyber security. Last week, Microsoft's anti-spyware beta scanned computer with Symantec's Norton anti-virus and called it a password stealer. Now another company, BitDefender, reports similar problems. They weren't too happy either.
Microsoft Weekly Security Release Microsoft released their monthly security patch on Tuesday and it included seven security bulletins. The bulletins varied and cover a number of different problems. Two of those bulletins were rated critical and five were rated as important.
Olympic Gold Medalist And Spyware Distributor Australian skier and Olympic Gold Medalist Dale Begg-Smith also looks to be a first-rate spyware distributor. The site StopScum.com put together the information discussing Begg-Smith and his brother and their background because the only thing they do as well as skiing is spyware.
A Worm In The Apple Abingdon, England-based SophosLabs discovered a worm in the Apple OS X platform. The virus named OSX/Leap-A or OSX/Oompa-A moves through instant messaging, specifically, the iChat client.
Spyware Is Everywhere Everyone knows spyware on the Internet is a huge problem. There's tons of malicious software out there solely for the purpose of gleaning information on various users. And they do. A recent study done at the University of Washington explains just how much is out there and it's not pretty. The problem is nearly all of this is for Internet Explorer (IE) alone.
UK Wants Backdoor Into Windows The UK wants in through the backdoor of Windows and they're negotiating with Microsoft over it. The logic from the UK is the new Windows: Vista will make it more difficult for police to peruse suspects' computer files.
Judge Says Companies Don’t Need To Encrypt A federal judge in Minnesota decided companies don't necessarily need to encrypt data as part of their cyber security framework. Stacy Lawton Guin filed suit against Brazos Higher Education Service saying encryption should be part of the standard security. The judge said no.
Croatian Crashes BitDefender For Beer, Vampires Security software company BitDefender recently held a contest called "Crash and Win," inviting Linux junkies to take a shot at their beta version of Mail Protection for Enterprises product. While obviously a promotional ploy, it's definitely cool as first prize was a road trip to Transylvania (Romania) and 1,024 German beers to enjoy on the way.
NCSA Examines 2006 Cyber Threats In conjunction with the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA) announced their Internet threat list for 2006 and online best practices to help protect consumers from online threats.
Brazilian Hacker Smash Brazilian authorities raided a phishing scam, arresting 55 people, in which authorities believe millions of dollars were stolen. The scams reportedly swiped $4.6 million from 200 accounts in six different banks.
Microsoft Doesn't Show Norton The Love If one didn't know better, one would think Symantec was lovelorn over Microsoft's new anti-spyware beta. Usually it's a good idea to bring a trojan on a date. This time, however, Microsoft's Anti-Spyware beta tagged Symantec's Norton Anti-Virus as password stealing trojan virus.
Olympic Computer Viruses The Olympics is meant to be a symbol of international cooperation and goodwill. Hundreds of athletes from all over the world compete in the winter and summer Olympic games. With the Winter Olympiad currently underway in Torino, Italy, it also provides an excellent opportunity for a few jerks to load pass out new viruses.
New Danish Websites Hacked Muslim hackers continue their retaliatory assault on Danish websites over the political cartoons run in Danish newspapers last year and more recently in other European publications. As this story is being written, the number is up to 1819 Danish sites alone and continues to rise.
China Can’t Deal With Pirates Most of the time, pirates in any venue are looked down upon. Those who spread secrets aren't always the good guys. In China, however, these two groups, while being looked down upon are becoming heroes to some as they attempt to break through China's intense scrutiny and censorship of all types of media.
DHS Ends First Mock Cyberattack The U.S. Department of Homeland Security (DHS) completed their Cyber Storm cyber-war games exercise last week. It was the first full-scale government-led cybersecurity exercise of its kind to examine response, coordination and recovery mechanisms from local, state, federal, international and private sector responses. There were 115 public, private and international agencies, organizations and companies involved.
Bagle-EN Gets Cream Cheese: Dedicated SMTP Engine It seems Bagles are found at more places than the local deli. A new version of the mailing worm Bagle-en@MM uses its own SMTP engine to send itself to all your friends and relatives. Don't forget it also gets keys to the backdoor.
New Email Scam Tags Fund Firm Some people get the scams in their email everyday. Some wealthy person died in a foreign country in an airplane crash or you won some European lottery or some other asinine scm. There's a new scheme in town and it's picking on Boston-based financial management firm Fidelity Investments and its investors.
Google Wants To Get In Your Business Oh how the mighty have fallen. Google has introduced a new feature into called "Search Across Computers" and it's got more than a few people up in arms about it. The new feature allows users to work through files on other computers in their network. Of course all these files are stored on Google's servers back in Cali.
Microsoft Shows New Firewall Beta Microsoft's been putting out some eye candy leading up to next week's RSA Conference. They opened the shades on their new ISA 2006 firewall public beta and threw in some new Client Protection and Antigen for Exchange early customer betas for bling-bling.
Firefox Exploits Abound Last week, Mozilla distributed a critical update for their Firefox browser. For those who didn't update, they should because the exploits are out now and they hit hard. The bug hit the net on Tuesday most security folks are saying update now.
German Wikipedia Off The Hook In a recent suit brought against Wikipedia associates at Wikipedia.de, the German district court in Charlottenburg found for the defendants. The case involved the parents of the deceased hacker known as Tron suing because Tron's actual name had been listed on a Wikipedia entry regarding him.
Hacking MySpace The online social communities have become incredibly popular with many people. One of the most popular of these social communities is MySpace. While many people register on these sites, one thing people find annoying are the ads, even in their profiles. It seems someone has found a way to make changes to that profile, of course without the blessing of MySpace.
Feebs Variant Behind Complex eBay Fraud The kids at Aladdin tracked down a new Feebs Trojan variant that includes a nasty and dangerous new fraud scandal tied to eBay. With new phishing scams popping up every day, it's no surprise another big one has come down.
Liberty Alliance Continues To Grow The Liberty Alliance Project, a consortium aimed at improving online authentication standards announced this morning the addition of 15 new members to its growing list of powerful players.
Russian Bugs Bust French Internet Users Computer criminals from Russia lifted more than €1 million from French bank accounts using what some call sleeper bugs to infect computers. The little bug was quick and dirty when some customers got hit for as much as €40,000 in a fell swoop.
Microsoft Gives Details On OneCare Live The Redmond railroad keeps on moving with the announcement of pricing and licensing details surrounding their new subscription based security service. Microsoft's OneCare Live will be available in June from both retailers and online.
More Windows Security Problems Microsoft issued security advisories on Tuesday regarding vulnerabilities in Windows. First comes another possible problem tied to the WMF vulnerability and the other is tied to a research paper about default services behavior.
Danish Websites Under The Gun One of the biggest international controversies right now surrounds political cartoons run in a Danish newspaper back in September. The issue's come to a head in recent weeks and while the world watches the testy mobs in the middle east, web sites based in Denmark are getting attacked.
Windows OneCare Live Is On Its Way Discussions on Microsoft's security product have been ongoing for some time. The discussion will really kick in as Microsoft let it be known the Windows OneCare Live is coming out shortly. The new product is expected to challenge Symantec and McAfee for dominance.
Spanish Hacker Heads For Hoosegow Sometimes getting even isn't such a good idea. Santiago Garrido, 26, decided a "denial of service" worm was the way to go when he got booted from the "Hispano" IRC chat room.
NyxemD Update: Indian Damage Control While the NyxemD virus remained a low threat for many people in this country, some places had a problem with it. Reports from other countries are coming in detailing the extent of the damage. The first big report comes from India and a few users had problems.
LogLogic Logs Exchange Email San Jose-based LogLogic announced on Monday the first edition of their information logging software designed to keep track of all email messages running on Microsoft's Exchange Server.
IE7 Glitches Fortunately, Betas are sent out to find problems. Microsoft put out Internet Explorer 7 Beta2 Preview (IE7B2P) for just that reason. They weren't disappointed because as IE7 got used, it opened up like a rotten log and bugs came flying in all directions.
Looking For Mr. Goodmail Spam continues to be a major problem on the Internet. People all over the world receive millions of emails everyday and the vast majority of it is absolutely worthless.
Virus Infects Russian Stock Exchange Computers on the Russian Stock Exchange were blasted with an unnamed computer virus and shut down Moscow's Russian Trading Exchange (RTS) last Thursday.
NyxemD: The Little Worm That Didn’t NyxemD, perhaps better known as the Kama Sutra worm had the potential to be very nasty. Fortunately, people paid attention and cleaned it from their computers. Damage was minimal and that's a good sign. The tallies are coming with the statistics. What did they say?
Hacking Xboxes For Fun And Profit Apparently, the original Xbox has been completely hacked without the need for any modchip/softmod. According to hackers online, this also opens the door for them to really begin hacking on the Xbox360.
19 Charged In $6.5 Million Software Piracy Case A federal grand jury in Chicago passed out indictments for 19 people charging those people ran an Internet piracy racket sitting on a cool $6.5 million worth of copyrighted movies, software and games.
Mozilla Needed A Fix Mozilla pushed out a new version of its Firefox browser on Wednesday and it contains a number of critical security updates. Something to note about this release is it's the first time Mozilla has used the auto-update feature.
White House Email Controversy Most people have heard of the special investigation into the Bush administration's apparent leak of undercover CIA operative Valerie Plame. While one could write volumes on the politics and the legalities involved, for our purposes, we will discuss email archival or in this case, the apparent lack thereof.
AT&T Sued For Helping NSA The Electronic Frontier Foundation (EFF) filed suit on Tuesday against AT&T, charging the venerable telecom giant of "violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA)."
Biometrics Cracked A new case surfacing in Holland this week on the Dutch TV show Nieuwslicht (Newslight) said the security of a biometric passport had been compromised. Apparently, the hackers read the passport remotely and then cracked the security using inherent flaws. The biometric data was then accessible.
No Breakfast At Tiffany’s For eBay There's nothing like a little fraud to rattle the cage of the world's largest online auction house. Audrey Hepburn's favorite jewelry store claims their cage has been rattled long enough and has filed suit against eBay.
Identity Theft Continues To Climb A new study published yesterday said identity fraud was up to $57 billion in 2005. While online fraud was significant, it wasn't the main factor. The study suggested only 10% of ID fraud cases happened on the online.
Honeywell Employee Information Posted On The Net Honeywell International has some issues to resolve regarding its employees. The company is offering credit monitoring and identity theft insurance after 19,000 current and former employees had all their personal information posted on the net.
Kama Sutra Showing The Love The Kama Sutra worm is dropping its load tomorrow and you better have your security updated. This worm isn't a scammer or a phisher or a spammer. It's a destroyer. It's not looking to access your information for credit card numbers. It's looking to wipe out files from your hard drive, not all of them but enough to make it annoying certainly.
Valentine’s Day Fix For Kama Sutra Worm It's a decent headline. It's better than saying Microsoft is waiting to fix a vulnerability being exploited until after the fact. The Kama Sutra worm has been making and is estimated to have made its way into close to half a million computers worldwide. Patch Tuesday is next week so they'll wait and fix it then.
FTC Slaps Down Spammers The Federal Trade Commission convinced a federal judge to issue a restraining order in January against three people accused of spamming according to a statement from the FTC on Tuesday.
eBay Buyers Want What’s In Your Hard Drive Maybe you should clean out your hard drive before you put it up for sale on eBay. People may want to see what's in it. A researcher suggested on Monday that people search for hard drives with lots of interesting information on hard drives for sale at the online auction house. This includes personal information like credit card numbers, let alone what you download.
Symantec Picks Up Oracle CIO Security software giant Symantec picked up a new hire with some import. The new hire, David Thompson, comes directly from the database dudes at Oracle as their CIO. Now he'll do the CIO thing for the kids at Symantec.
Microsoft’s OneCare: Spywares’ Best Friend? One of the great battles raging on the Internet is one of spyware and adware. People don't want it and don't need it because it can cause real problems for one's computer. Microsoft's new two-way firewall, OneCare doesn't offer right way protection because it leaves the hole open for spyware to get into a user's PC.
UK To Strengthen Cybercrime Laws One of the biggest problems with cybercrime in the UK remains the law. Back in 1990, the government passed the Computer Misuse Act. Unfortunately, the government has failed to keep up with changes in cybercrime and in so doing leaves many individuals and businesses with no real legal protection to fend off many attacks.
Rhode Island Hack The Rhode Island state government web site suffered a security breach in December with 4,117 credit card numbers lifted from the site. The breach happened because of one line of code used in the Rhode Island office of New England Interactive (NEI), the company that maintains the site.
Winamp Zero-Day Exploit Hackers cracked the new Winamp in record time as AOL prepared a new download for release a day after the hackers launched their assault. The Winamp 5.12 media player was the victim of a zero-day exploit.
Ameriprise Loses Laptop Too: 230,000 IDs Ameriprise Financial, a spinoff from American Express, lost a laptop computer with upwards of 230,000 customers' and advisors personal information on it. 230,000 names were compromised because a laptop computer was stolen from an employee's parked car. This sounds like déjà vu all over again. Did I mention the info was unencrypted?
Cisco Says VPN Vulnerable Cisco Systems warned on Friday via a security advisory of a vulnerability in its VPN 3000 Series concentrators. They said the vulnerability could allow a hacker to send a crafted HTTP packet that would result in a denial-of-service attack.
Stinx-N Trojan: College Rapist Emails Acts like rape are tragic enough without some second-rate hacker trying to make things worse. A new Trojan, Troj/Stinx-N, is floating around with subject lines talking about university rapists.
AMD Forum Under WMF Attack It looks like AMD's discussion forum has had a hex placed on it. When people visit the discussion forum, they get a WMF exploit plopped right down into their lap or in this case, their computer.
180Solutions Drops Lawsuit Against Zone Labs Back in November, 180Solutions filed a lawsuit against Zone Labs, a company best known for its firewall software. 180Solutions filed suit because Zone Labs listed their software as spyware. 180Solutions didn't like that. But today, the lawsuit was dropped with strong attached and no reason for dumping the suit.
New Study: Cybercrime Losses Down A new study released by Computer Economics suggests financial losses world wide from malware are down. The figures say the year 2005 hit losses upwards of $14.2 billion this was the first time since 2002 the number actually went down.
VoIP Getting Dangerous? Voice over Internet Protocol (VoIP) is like a barn full of grain, waiting for rodents to move in according to a new report released by Cambridge and MIT. The study released on Thursday suggested VoIP is ripe for the picking of hackers around the world.
Japanese Spyware Developer Busted Authorities arrested Atsushi Takewaka, 31, on suspicion of stealing Internet bank account passwords and using them to raid money from online bank accounts totaling into the millions of yen.
ChoicePoint Chokes Up $15 Million On Privacy Violations Atlanta-based ChoicePoint agreed to settle up with the Federal Trade Commission (FTC) for lean $15 million on charges of violating consumer protection laws. The charges said ChoicePoint allowed criminals access to lots of personal financial information on upwards of 163,000 people.
FTC Top 10 List For Fraud The Federal Trade Commission (FTC) released their top 10 list on Wednesday and it's got some interesting details. Identity theft topped the list and accounted for about 255,000 of the 686,000 complaints filed over 2005.
Microsoft, Washington AG Sue, Charging Spyware Redmond-based software monolith Microsoft and Washington state attorney general filed suits against antispyware vendor Secure Computer LLC. They charge the company's "Spyware Cleaner" product not only doesn't remove the spyware, but also makes those computers less secure.
Biggest Online Security Issue: Trust IBM's Internet security study released yesterday has tremendous amount of useful information. As some of the results are mulled over, one thing has become apparently clear: users don't trust the Internet.
Vista And The Two-Way Firewall As everyone gets ready for Microsoft's release of its new Windows: Vista, one major point of discussion is security. One thing they've added will be a two-way firewall to the mix. This new feature will allow for tighter controls on the firewall for both ingoing and outgoing items.
Harvard & Oxford Mashing Malware The folks at Harvard's Berkman Center and Oxford's Internet Institute launched a new "Neighborhood Watch" system for the net. They're calling it www.stopbadware.com. Some major players including Google, Lenovo, and Sun back the initiative, and Consumer Reports WebWatch will act as an unpaid special advisor.
ESPC Goes After Utah’s Child Protection Registry The Email Sender and Provider Coalition (ESPC) along several other organizations, announced on Wednesday they were filing an application of amici curiae against the Utah Child Protection Registry Act.
U.S.: Spammer #1 The United States continues to hold onto their position as the world's number one originator of spam followed closely by China. Two years ago, Microsoft master Bill Gates predicted spam would be dead. In all actuality, it's alive and well.
A New Pack of Trojans Just when you thought you'd run out of Trojans, you find a few more. These Trojans work through the cell phone. These viruses can be dangerous, but with protection they can be stopped.
Blue Frogs Consume Spam Blue Security announced their expanding the capabilities of their Blue Frog spam reporting software to work with Google's gmail, Yahoo's mail and MSN's hotmail. The new service will be a dramatic expansion of their product originally offered back during the summer.
Felonious Hacking In California California hacker Jeanson James Ancheta, 20, pled guilty in Los Angeles federal court to taking control of hundreds of thousands of computers in the form of four felony counts which could land him a six-year prison sentence and federal fines.
WikiPedia.de Goes Down A German court ordered the German version of Wikipedia, Wikipedia.de, closed on Monday. The order came as a result of a lawsuit against Wikimedia Deutschland filed by the family of a deceased hacker after the online encyclopedia printed the full name of the man.
Big Blue Vision Into 2006 Cybercrime IBM released their thoughts on cybercrime for the coming year and those thoughts aren't terribly nice. They predict cybercrime is going to get much worse and the worst part is they feel average computer users without their own knowledge will commit most cybercrimes.
Bulgarians Score Phishing Bust Microsoft hailed Bulgarian authorities for scoring on an impressive bust of organized criminal phisherman. The Bulgarian National Services To Combat Organized Crime (NSCOC) for their work leading to the netting of a crime ring of eight people charged with operating an international phishing ring.
CDT Files Suit Against 180Solutions The Center for Democracy and Technology (CDT) requested the Federal Trade Commission levy charges of "illegal and deceptive" practices against Internet marketing firm 180Solutions Inc. for distributing intrusive adware.
Nasty Nyxem Bomb Ticks Away The Nyxem.E virus continues to spread, with reports hitting over half a million infections as of Saturday and averaging about 800 hits every fifteen minutes or so. The payload is slated to drop on Friday, February 3rd and is it ever nasty.
Parliamentary Hack Update: The WMF Connection Last week it was reported British Parliament computers were hacked over the Christmas break. A number of emails were sent to various people throughout parliamentary offices with Trojans in order to gain control of the respective computers. Here's the catch: the hackers were making use of the WMF vulnerability in Windows to get in. Redmond, we have a problem.
British Parliament Hacked Reports out of the United States in recent months said the U.S. military was assaulted by hackers working out of China. SANS suggested this was done with Chinese military support. Over Christmas break, hackers attacked Parliament in London and sensitive information was believed to have been accessed, once again by China.
FBI Computer Crime Reports The Federal Bureau of Investigation released a new study covering computer crime and the numbers weren't good. Computer-related crimes cost U.S. business an incredible $67.2 billion a year.
Cisco Security Patches Cisco Systems cut loose two new security advisories and the appropriate patches for vulnerabilities in its CallManager software product. CallManager is Cisco's software-based IP telephony call-processing module of their Media Convergence Server.
Security Problems For Microsoft & China Microsoft appears to be having problems right now. In much of the world, Bill Gates and his software giant appear to be ogres. The company is under much scrutiny by the blogosphere because of their decision to restrict or in this case eliminate controversial Chinese blogs not agreeable with the Chinese government.
Instant Message Attacks Up 826% Instant messaging (IM) is becoming a method of choice for communication for many people and cyber attacks through IM are becoming a force to be reckoned with. New information shows attacks are up 826% and don't show signs of slowing down.
Vulnerabilities In F-Secure Finnish security software firm, F-Secure announced they had a few problems in their product and put out a bulletin to cover them. The vulnerability affects a number of their anti-virus products for both Windows and Linux.
Google’s Fighting For Your Privacy Online Online privacy is an issue of constant debate. That debate shot through the roof when the Justice Department demanded Google adhere to a subpoena issued a year ago. The subpoena demanded the search engine company turn over a number of records in the name of online child pornography.
Happy B-Day Computer Virus January is a time of dubious celebration for that most acerbic of inventions, the computer virus. Back in 1986, the Brain made its way into computers via a 5 ¼ inch floppy computer disk. The Brain wasn't particularly nasty but it set the stage for something grand and nefarious.
HP and Hitachi on Security HP and Hitachi, Ltd. today announced that researchers from HP Labs Bristol, UK., and Princeton, N.J., and the Hitachi Systems Development Laboratory will conduct joint work on key security and privacy issues.
MillionDollarHomePage Hacked Someone always has to screw with someone who did something cool. Hackers are picking on Alex Tew, creator of the MillionDollarHomePage. Hackers were holding his site for ransom for $50,000. They sent him the note, he told them no and his site came tumbling down. The FBI is investigating the matter.
The Kama Sutra Worm Making Rounds Worms come and worms go but they never leave for good. A new one is making the rounds and it's utilizing the ever-popular naughty side of the Internet to spread its unseemliness.
Windows OneCare: Why’s the Firewall Coming Down? Microsoft's blog dedicated to Windows One Care recently began working on the question of why people take down their firewalls. Some interesting results turned up and most of them were a bit silly.
Outsourcing And Security Concerns Outsourcing is becoming a way of life for many corporations in the United States. They outsource everything everywhere. One problem with this might just be security. As people call all over the world for customer service for their credit cards or some product in a catalog, how do we know to trust what's at the other end?
WIndows Has Holes In WiFi As if Microsoft hasn't had enough security problems in their software in recent months, a new vulnerability has come. Hackers could potentially exploit the Windows feature that automatically searches for WiFi connection.
Windows Vista Security Update: WMF Lives On The WMF issue has been a real thorn in the side of Microsoft. The kids in Redmond plopped out their first update for Windows Vista and it appears to be for the same problem wit the WMF images that riddle other versions of Windows.
Being A Squirrel Against Spammers It's always nice to see a spammer who gets his. Back at the end of December, Darren Brothers put together an interesting little project to cause problems for spammers. The program he put together got one spammer to surrender. His solution: fight fire with fire.
Symantec Adds New Features To Anti-Virus Symantec today announced the delivery of product technology updates to its consumer and enterprise antivirus solutions, providing users with expanded protection against stealth computer threats. These updates are the first incremental technology updates Symantec has brought to its consumer solutions.
LSU Gets Federal CyberCrime Center The Federal Bureau of Investigation plans to put a new Cybercrime Command Center at Louisiana State University (LSU) located in Baton Rouge. This is part of the federal government's expanding initiative to go after cybercrime.
Spanish Hacker Cracked Defense Department The bell tolled for an 18-year-old hacker in Spain after he was picked up and charged with cracking into a top-secret computer at the U.S. Naval Base Point Loma in San Diego. As an adult the young man could see serious time in prison or get a serious job with some government agency.
Wanna Russian Billionaire’s Fortune? Spammers Do A spam email is floating around the web promising billions to a few million lucky individuals. Spammers email attempts to fool people into thinking they will receive some money from jailed Russian oil tycoon Mikhail Khodorkovsky.
Consumer Confidence Up On Security Software Protection The holiday season saw record sales for the online retail industry and one big reason appears to be consumer confidence in protective security like anti-virus and anti-spyware software. A new study published by the Business Software Alliance (BSA) lays out the numbers.
Spyware Defined The Anti-Spyware Coalition completed its guidelines for providing a common way to classify spyware. Big companies including Microsoft, Symantec, McAfee, AOL, Yahoo and Computer Associates are on in this program. Spyware remains one of the top annoyances on the Internet and has been for quite some time.
Anti-Spyware Fighting: Spybot Vs. Symantec Spybot Search &Destroy (S&D) provides an anti-spyware service. Like others, one downloads the software, keep definitions updated and run the program at regular intervals to keep the adware/spyware out of one's computer. More recently, Spybot had some problems with Symantec and now the word libel has begun to appear in places regarding the two companies.
QuickTime Trouble For Quicktime Media Player A recent security update for Apple's Quicktime media player would seem to be the culprit for a number of glitches being reported on Apple's forums. The patch is being blamed for problems in both Mac OSX and Windows.
Symantec Rootkittin’ Around We thought we could trust our security software companies, but that doesn't seem to be the case. Symantec recently got caught with their pants down… er… cloaked when they came clean about a rootkit they put into their Norton SystemWorks product. Apparently, the Sony BMG fiasco caused them to rethink things a bit.
Another Bank and 90,000 Names Another bank lost another bank tape, this time with upwards of 90,000 names on it. The People's Bank in Bridgeport, Connecticut reported lost the tape en route the bank said today.
FBI Warns Of Mining Accident Phishing Scam The Federal Bureau of Investigation (FBI) posted a warning regarding a fraudulent email floating around requesting financial help for the survivor of the Sago Mine accident.
Guess Who Bought Your Phone Records? One of the biggest sides to cyber crime continues to be privacy problems. A political blog recently began discussing the issue and more specifically, how easy it is to acquire cell phone records for a nominal fee. At this time, federal regulations are minimal regarding cell phones and even finding unpublished landline numbers.
Hodges Leaves McAfee, Joins WebSense Gene Hodges, president of McAfee, jumped ship and became President and CEO of WebSense, another security software firm. All this comes hot on the heels of an agreement McAfee reached with the Securities and Exchange Commission after they charged McAfee with cooking the books.
Banks Ranks In ID Fraud Protection The year 2005 turned out to be a very rough year for identity fraud and banks in particular. Literally millions of identities were compromised from financial institutions and entities both big and small. A new study was just released ranking the top institutions in their efforts to fight identity fraud.
Apple Eyes In iTunes: A Little Bit Of Adware? It would seem Apple is watching what you listen to. A new version of iTunes for Mac looks to be discussing the users behavior with the home office. Bloggers are reporting in that the new update is asking to contact 207.net (better known as Omniture) and then passes on the information Apple deems useful back to Apple.
Hotel Hacks: More Identity Fraud Identity fraudsters never stop, certainly not in the new year. The Bahamas luxury resort Atlantis reported to the SEC they had information lifted from their computer system with some 55,000 identities compromised.
Volkswagen Lottery Scam Running Rampant A new scam is floating around the web waves and this one may tempt a few people. "The Lottery Department" for Volkswagen Automobiles has announced a new contest to win a new VW and ₤1 million pounds. Quite a nice treat to be sure but unfortunately, it's not real.
New WMF Vulnerabilities Found Microsoft continues to have problems with its WMF handling. While the zero-day problem was corrected, other problems have crept up around the very same program. Microsoft released the fix last week but it looks like they've got some more work to do.
Patch Tuesday At Last Redmond-based Microsoft released their long-awaited patch on Tuesday as part of their monthly security update. This month has been riddled with controversy as they did an early release for one problem last week and dropped two critical updates today.
Cyber Security Czar Heading CIA Branch The former head of the U.S. cyber security division is taking over as president and CEO of In-Q-Tel, the CIA's venture capital arm. Amit Yoran, 35 took the job last week and has experience both in technology and in venture capital.
Bindview Bound Into Symantec The Cupertino kids at Symantec completed their acquisition of Bindview Development Corporation, a company specializing in agent-less IT security compliance software. The deal was done on January 6th.
Sporting A SploitCast: CyberSecurity Podcast Feeling a little paranoid about your computer's security? Is there some force in the universe calling your inner geek? Are you a hacker? If you answered yes to any of these questions then there is now a podcast for you. It's called Sploitcast, the "podcast for hackers, geeks and the security paranoid."
Google’s DRM: Is It Safe? Last week's Consumer Electronics Show (CES) dominated the tech industry in recent days and many are still talking about it. One major point was Google's new video service and perhaps more interesting from a security point of view is the new Google DRM.
Someone Annoy You On The Net? Call the FBI There are many cybercrime issues facing the world today. Identity fraud, denial of service, hacking into national defense networks, etc. A new law however introduces an a who new aspect to cybercrime, one that goes above all the others. That crime is using the Internet to annoy others.
WMF: The Fix Is In Late on Thursday afternoon, Microsoft put out an announcement they would be releasing their patch for the WMF exploit that afternoon. By about 4:30 pm EST, they started the distributing the patch. This was crucial for Microsoft, who had already been beaten to the punch by a third party developer.
Sobers Stay Sober…No Buzzing Yet A Sober worm, scheduled to wreak havoc at 12:00 am GMT on January 6, 2006 appears to have been nipped in the bud. Various security software companies have kept watches on the sites tied to the worm for download and nothing seems to be spewing so far.
Windows Vs. Linux: The Flaws The U.S. Computer Emergency Readiness Team (US-CERT) released a study last week saying Windows contained fewer flaws the Linux/Unix. Some experts are taking issue with that statement however, as the difference was fairly dramatic.
McAfee Tangles With SEC Over Securities Fraud McAfee Inc, one of the top names in the security software industry, recently worked out a deal with the Securities and Exchange Commission (SEC) regarding securities fraud. While McAfee agreed to pay penalties, they were able to walk away without admitting guilt.
Revised WMF Bulletin And Other Stuff The WMF vulnerability continues to cause problems in the computer world. Microsoft's official fix will be included in the monthly release now known as "Patch Tuesday." This morning, however, they updated their bulletin with new information. Some companies have begun to distribute their blocks for the vulnerability.
Shuffling Off With iPods Probably when most people think of theft and iPods, many think of downloading illegal music. Not so in this case out of Manchester, Connecticut. While we generally deal with cyber security issues, sometimes interesting tidbits come along that are worth noting.
Rough Year For Security The year that just ended was phenomenal year for computer security and by that I mean phenomenally bad. Reports are surfacing of the final damages for the year and it ain't pretty folks. Cybercrime was nasty at all levels and perhaps none more than identity fraud.
Breaking WMF Update: Microsoft Releases Patch Early It would seem the updates for the WMF may have started already. Reports are coming in of the update kicking and Microsoft issued a press release about the update not long ago. While bulletin says the update won't be available until 2:00 pm PT, the updates started earlier than that.
Florida’s $11 Billion Spammer It looks like spamming is finally catching up to people. Robert Kramer was a victim of spammers or more specifically, his ISP, CIS Internet Services was. He's the owner of this business because he claimed James McCalla of Miami spammed 280 million emails to CIS accounts.
Unofficial WMF Fix; Microsoft WMF Patch Leaked The big ugly known as the WMF exploit continues to be a point of nervous pessimism as many XP users wait for Microsoft to release their fix as part of the patch day package. Even though an unofficial patch has been floating around for a couple of days, the official fix, planned for release on Jan. 10th, leaked out on Wednesday.
Permeo Sewn Into Blue Coat For $60 Million Some other kids in Sunnyvale called Blue Coat Systems announced on Tuesday their intention to acquire Permeo Technologies. The deal, worth $60. 8 million, breaks down into $13.4 million in cash and $47.4 million in Blue Coat common stock.
Surprise: New eBay Spear Phishing Scam One of the strengths of eBay is the openness with which people can do business. It's easy for people to set up their own business around eBay. It's essentially an open market and people pay their booth rental fee and that's it. The strength is also a weakness. The openness can lead to fraud problems and phishing scams seem to top them all. Now there's a new one.
Sober Virus Making Rounds In the midst of all it's other problems right now, Microsoft published an advisory regarding the Win32/Sober virus. It seems somewhat minor, but the cyber criminals never give people a break.
WMF Exploit Still On The Move The WMF exploit appears to be the nastiest exploit for any software in quite some time. The zero-day vulnerability has no known cure at this point as the first worm surfaced. There are some workarounds but they aren't the best choice. Microsoft is working on the fix. They say they've got it and it's in the testing stages. They plan on releasing it on Patch Tuesday.
Kaspersky Top 20 For December Moscow-based Kaspersky released their top 20 viruses for the month of December. Interestingly enough, the list was pretty much entirely worms for them and Mytob seemed to be the most common threat.
Justice Dept. Not Protecting SSNs Social Security numbers (SSN) are generally used for one thing: Social Security. That's all they're supposed to be used for. They are supposed to be a fairly private number because possession of it could allow certain records to be manipulated. How is it then, that the Department of Justice (DOJ) published SSNs on its website.
₤300 of Spam Spammers in the UK may have met their match. English Internet guru Nigel Roberts stuck it to spammers in the UK using EU law. The company, Media Logistics, has agreed to pay ₤300 in fines to Robertson.
China Pops Porn Chinese authorities cracked down on Internet porn, saying on Friday they shut down 598 web sites. This the latest attempt by the Chinese government to crack down on illicit Internet activities, but they said fraud and online gambling continue to proliferate.
More Cookies In Washington: Off To the White House It would seem the National Security Agency (NSA) isn't the only organization watching who visits their site. The White House also appears to be in on this particularly illegal activity. Reports surfaced that cookies, banned by the Office of Management and Budget (OMB), not only were being used by the NSA but by the White House as well.
Going Once…Going Twice…eBay Buster Faces 10 Years A Beaverton, OR. man pleaded guilty to the 2003 denial-of-service attack against Internet auction house eBay. The crime involved infecting tens of thousands of computers and with a worm and utilizing that network to assault eBay.
Microsoft Issues Bulletin For New Flaw Microsoft released a security bulletin on Wednesday night regarding the zero-day security vulnerability in Windows XP and some of the 2003 server operating systems. They problem affects the Graphics Rendering Engine in Windows and is creating havoc as reports come in of over 50 variants on the code.
NSA Uses Illegal Cookies On Web Site The National Security Agency (NSA) appears to be in a bit of a spot. In their zealous efforts to monitor telecomm traffic of all kinds, they utilized cookies on visitors to their site, an activity strictly banned by federal rules.
Panda’s Most Wanted Panda software released their top ten most wanted viruses and spyware on Thursday. The list covers what was most frequently picked up by the ActiveScan system.
Sony BMG Settling One Rootkit Lawsuit Sony BMG is in the process of settling one class action suit against them for their recent fiasco. The preliminary settlement was submitted for court approval. The rootkit fiasco was discovered several weeks ago and this discovery extracted a heavy price from Sony BMG.
AOL’s Top Spam Dishes In 2005 Spam is always a favorite food in the tech world and 2005 was no different. AOL published their top recipes for the delightful dish for the past year. Topping the list were things like Donald Trump and "penis patch" but there were others.
XP Victim Of Zero-Day Exploit The nightmare of software companies is the zero-day vulnerability and it's hit Windows. The exploit is tied to Windows' image rendering or more specifically, Windows Metafile (WMF). The vulnerability is being actively exploited and there is no patch.
New Years’ Bagles Need Locks Bagles are always a tasty breakfast, even at New Years. This year is no different. A whole new slew of viral emails are making the rounds and they're loaded with Bagles. The warnings are out for folks to update their virus protection.
Florida Attorney General Spamming? Many people see spam email as a vile thing. Many legislators and other elected officials rail against spam as one of the evils of the modern world. It is. Florida Attorney General Charlie Crist (R-FLA) has taken up the cause against spamming but it appears he may be a spammer himself.
Korean Bank Hacked By Chinese Hackers The Jeonkuk Mutual Savings Banks out of Gunsan, North Jeolla Province, had its website hacked by Chinese hackers. This is the first time a domestic bank was hacked by Chinese hackers.
NSA Sends Out Spyware Scandals continue runs rampant through the nation over recent admissions by the federal government of eavesdropping. The issue has tuned into an argument over presidential powers. One aspect to this argument focuses on the Internet world. The NSA uses spyware as part of their electronic eavesdropping network.
Complex Trojans Go After Online Banking A new Trojan virus is making its rounds, focusing on Spanish-speaking Internet users who utilize online banking. The virus combines social engineering via instant messenger and uses spyware and phishing.
Visa Faces Merchant Hacks The massive credit card empire known as Visa may be facing a serious problem after the company admitted a merchant experienced a security breach. This breach compromised credit card numbers and all the accompanying information on the account.
Virus Poses MSN Messenger 8 Beta It would appear the MSN's Messenger 8 Beta was leaked. But it wasn't. There is no MSN Messenger 8 Beta available yet. A new virus is floating around the web posing as bootlegged version of the new instant messenger. There are two ways to get it but users must actually download it. So don't.
New Flavors of Bagles It would seem new variants on the ever-popular Bagle are running around. The folks at Finnish security company, F-Secure, said they've picked up on a Bagle-related downloader and a number of variants floating around the Internet.
iTunes and Quicktime Problems Exposed An independent researcher discovered some problems with .mov media files and it's being rated as critical by security firms. The flaw could create real problems for folks using either iTunes or Quicktime.
Texas Saddles Another Claim On Sony Texas Attorney General Greg Abbott reloaded his shootin' iron and has spyware killers as he filed new claims against Sony BMG. Abbott levied charges of deceptive trade practices for hiding spyware in the disc against the multinational music company.
2005: The Year In ID Fraud It's been a busy year for cyber security and perhaps no area was busier than identity fraud. Dozens of companies fell victim to various forms of theft regarding their customers' personal information. Let's take a look at some of the problems this year.
Charges of Spyware Against 180Solutions, Direct Revenue and eXact Three companies were named as defendants in a class action suit filed yesterday in California Superior Court in San Joaquin County, charging distribution of spyware and malware. The companies' names include 180Solutions, Direct Revenue and eXact and the suit calls for them to stop distribution of their software and pay damages.
A Merry Trojan Christmas Every year, many people are lacking for clever gift ideas that everyone will find appealing, especially the person you're purchasing for. This year, a new gift has surfaced for email users everywhere. A new Trojan has arisen called MerryX.A and it uses the splendid holiday to sucker in people and infect their computer.
French Fire Guns In File Sharing War One must occasionally love the French. File sharing has become a serious pain in the arse for many a company producing music, movies or software. France however likes to make the pain really burn and they did. The French Parliament passed a law late last night, legalizing free file sharing of music and movies on the Internet. This is going to create a problem for media companies and the government itself.
Gang Of Hackers Arrested in Moscow A gang of suspected hackers was charged with breaking codes to slots machines the Russian Interior Ministry said on Wednesday. It's believed these hackers made off with tens of thousands of dollars in the scam.
Mobile Hackers On The Move In 2006 Big-time cybersecurity company McAfee talked about the threats to cybersecurity in the coming year. The unveiled their outlook for 2006 the forecast is somewhat cloudy as they expect a tremendous rise in mobile threats as well a continued rise in phishing scams and identity fraud.
Sober Worm Nabs Kiddy Porn Collector It's always odd how things turn out. The Sober-Z worm has been annoying to many to say the least. It floated around with CIA or FBI email addresses or in some cases the German equivalent called the Bundeskriminalamt or Federal Crime Office. The wormed emails did catch one person by surprise and it turned out well. The person was a child pornography collector.
SANS Security School: Time For Masters The folks at the SANS Institute are offering graduate degrees with the first classes starting in February. The program is designed to instruct and teach on cyber security for the future.
A Case of Hacker Extortion The hackers hit another company. This time the company was well-known role-playing game company White Wolf Publishing. While they don't suspect any credit card numbers were stolen, the hackers did say they would post the account information they received on the Internet unless paid.
Sunbelt Completes Purchase of Kerio Sunbelt Software announced on Tuesday the completion of their acquisition of Kerio Personal Firewall from Kerio Technologies. The well-known firewall service will make a strong addition to Sunbelt and includes the Kerio ServerFirewall designed for Windows server operating systems.
You Know Dasher And… An appropriately names worm called Dasher-B is floating around as the holiday season is upon us. Sophos Labs came out with a statement regarding the new worm, which exploits vulnerabilities documented by Microsoft earlier in the year. Sophos is warning people to update their anti-virus protection and security patches are up-to-date.
The Tech Industry Is Watching You… Something I heard about a few years ago was a system of having software and hardware tied together in a computer to mark the system and it's user. A new chip designed to combat fraud and piracy on the Internet using just that system is in the works. A new security chip, called the Trusted Platform Module (TPM), will be put into all kinds of systems, not just computers.
Iraq Security, Technology & Communications Summit An upcoming summit in Iraq focusing on a variety of issues will cover a lot of ground in the struggling country. The Iraq Security, Technology & Communications Summit will bring in minister, deputies and director generals from the Iraqi Ministries of Defense, Interior, Communications, Science and Tech, along with the Iraqi National Security Council.
RIAA Lawsuits: One Size Fits 751 The RIAA continues its efforts to wipe out music file swapping as they filed 751 lawsuits on Thursday. This is part of their long-term campaign by the RIAA to stop what they call illegal copyright infringement.
Dutch Hackers – 1/Xbox 360 – 0 Why do they do it? Because they can. The Dutch hacker group, Team PI Coder dug into the Xbox 360 and hacked the game console not two weeks after it was released. Apparently, the team didn't have much of problem cracking the console either.
Meth Heads and ID Fraud A new trend in the illicit drug world is to generate income for the purchase of said drugs through identity fraud. It's an easy way for junkies, particularly meth heads, to get the kind of money they need to support their habit.
China Accused of Hacking U.S. Systems The world's most populous nation denied charges of hacking U.S. military computers after a cybersecurity expert suggested Chinese military in southern China were going after U.S. networks.
iDefense: TrendMicro ServerProtect Vulnerability iDefense announced vulnerabilities in TrendMicro ServerProtect. The remote user can execute arbitrary code on the target system. The remote user will also be able to view files an cause denial of service conditions. Not good for a company who's supposed to stop this stuff.
Best Practices Guide For Email Marketers The Email Sender and Provider Coalition (ESPC) just released their "ESPC Best Practices Guide." The book is a list of guidelines that help reinforce the industry best practices for email communications and includes an updated version of the "ESPC Email Marketing Pledge." The guide covers a number of areas including permission, disclosure, address collection, content relevancy, unsubscribe practices and referrals.
E-Voting Security Plagues Diebold Electronic voting machine maker Diebold continues to have a number of problems. Most recently, the CEO of Diebold resigned the top position the company. This resignation happened on Monday, just before a shareholder lawsuit was filed by a Connecticut law firm charging the company execs tried to downplay voting system issues in the last election.
UK: Internet Villain of the Year This year has been a tough year for the UK, particularly as President of the European Union. They've dealt with terrorist attacks in London and fought with European nations over various issues in for the EU. One area they've been relentless in is toughening data retention laws and as such, they've earned the "Internet Villain of the Year."
Another Problem For Patch Tuesday The monthly Microsoft event known as "Patch Tuesday" has become somewhat of a mixed blessing for Microsoft in recent months as they often come with caveats. This month, the updated corrected a "Critical" flaw and an "Important flaw. It also causes some approval problems for previously approved updates.
Microsoft’s Exchange “12” Beta 1 Redmond-based Microsoft announced the release of their Exchange "12" Beta 1. This is the highly secretive code name for their server for e-mail, calendaring and unified messaging to the first round of testers.
The Fake McAfee Patch The hacker hit parade continues as phisherman launched their most recent attack, namely in the form of a fake McAfee patch. This isn't the first time hackers have taken seemingly legitimate names and attached various cyber-criminal activities too them. McAfee is just the latest.
Firefox Hates Long URLS The kids at Mozilla say they've got a problem with long URLs in the Firefox 1.5, the latest release of the up and coming browser. Sites with long domain names make it seem like the computer has crashed.
Russian Today TV Channel Booted By Hackers The Russian 24-hour English- language news channel, Russia Today, stopped broadcasting operations on Monday after hackers tried to crack their computer network according to a news release from the network. The station went on the air on Saturday.
CSIA, BSA Applaud Senate Report The CyberSecurity Industry Alliance and the Business Software Alliance both announced their support for the report urging ratification of the CyberCrime Treaty. The report, put out by the Senate Foreign Relations Committee, advances the status of the treaty signed by the U.S. in 2001 and following the Convention on Cybercrime adoption by the Council of Europe.
Microsoft Update or Trojan Virus? In yet another annoying move, virus writers have done something new. They've created a new Trojan virus looking incredibly like a spammed Microsoft Security update email. It goes through the motions of the standard update and the great thing is, on the initial run, only a few of the virus scanners picked it up.
Airport Security Codes Stolen From Japanese Pilot Japanese Airlines (JAL) reported one of their co-pilots had restricted codes stolen from his laptop computer via a computer virus. In a move worthy of the best laxatives, the pilot compromised security for a number of Japanese airports as all the codes were promptly posted to the Internet.
Firefox Users Watch Out The kids at Mozilla just released 1.5 and everyone's excited. It also just crack double digit market share so it's moving along nicely, especially in the face of still dominant Internet Explorer (IE). The open source browser has gained a lot of popularity but as it does, hackers are also taking notice.
eBay gets Phished Out of The Water Online auction house eBay just got suckered by a phishing scam and they're not sure why. Apparently, the scam site was so good, they thought it was one of their own. It does make one wonder about the people working in eBay's security section.
Sony BMG Admits Disc Fix Floppy Sony BMG continues to look for new ways not to cause problems for themselves as professors at Princeton said they discovered the patch Sony and SunnComm distributed to fix security problems in the MediaMax content protection software causes more harm than good.
Podjacked Wars: Episode III A controversy is brewing on the Internet (isn't there always). This time around the notion of hijacked RSS feeds. Most recently, one Erik Marcus, owner of the Vegan.com and his podcast Erik's Diner accused Podkeyword of podjacking or hijacking the feed for his podcast.
Vulnerability Auction On eBay From time to time, eBay ends up with items for sale that make the casual observer raise their eyebrows. One recent case involved William Shatner, his kidney stones and starships. Most recently, the online auction monster pulled down something not quite so odd but potentially destructive, a vulnerability in the Microsoft Excel spreadsheet program.
81% of Home Computers Lack Key Protections The second annual report, published by AOL and the National Cyber Security Alliance, called the Online Safety Study found some alarming numbers regarding home computer security. Phishing scams raid home PCs regularly and many receive the phishing emails thought they were from legitimate companies.
AOL Now Offers Security Suite Lots of companies are offering security software these days. AOL is now offering their version of a security suite. They launched this venture on Tuesday and it works against viruses, spyware and identity fraud.
Patch Tuesday Loaded With Good Stuff Microsoft put out their advanced notification today for their monthly security bulletin. Tuesday the patch will be available and they do a webcast on Wednesday to follow up.
Nazi Computer Worms Looking For Hitler’s Brain So the headline's a little strange but the release of a new worm isn't. iDefense, a division of Verisign, reports the next planned attack of the Sober worm is slated to start on January 5th, 2006 based on commands hard-coded within the worm. The attack coincides with the 87th anniversary of founding the Nazi party.
Sony BMG Fixing Another Problem The Electronic Frontier Foundation (EFF) announced they reached an agreement with Sony BMG to fix the MediaMax Version 5 content protection software on some of their CDs. The two groups made a joint announcement saying the software developer; SunnComm is making a patch available to correct security vulnerability issues.
FBI Approval On All Software What's in your computer? Most people have a wide variety of software they've either purchased or downloaded. If the FCC has its way, in the future, all software will be FBI approved. While the policy document was released in September, the conversation needs to remain open about this.
November Nasty Month For Viruses As the year begins to wrap up, the reports are coming in for cybercrime in 2005. Viruses are always a point of interest and 2005 set new records for viral invasions. The list is topped by names like Zafi, Netsky and Sober and November has proven to be the worst month yet.
Security Fluff: Hottest Ladies In Security There's generally not too much in the way of silliness and fun regarding Internet security, identity fraud and cybercrime in general. Once in a blue moon, some creeps up though and there's a need to mention it. This time, it's the "hottest ladies in the security industry for 2005."
Podjacked! Or Not? A story SecurityProNews did last week and one that is floating around the Internet now regarded a possible new security threat regarding podcasts and more specifically feed systems. A young man, Erik Marcus accused Podkey.com of hijacking his podcast feed and holding it for ransom. It turns out that may not have been the case.
Sober: Internet Enemy #1 Tommy guns don't do a lot of good against this particular enemy. You can't put the light on ‘em, no good pigeons to squeal. Nope… this enemy spreads like a disease to unsuspecting victims under the guise of the CIA and FBI. The Sober virus has reached the upper echelons with hundreds of millions of these critters tagged and bagged. There's a lot more out there though.
DSW Settles Up With FTC Designer Shoe Warehouse (DSW) agreed with the Federal Trade Commission (FTC) they need to do better. This comes as part of the agreement reached after DSW had the information for 1.5 million customers lifted from its computer systems back in March.
180 Solutions Sues Zone Labs Kirkland, Washington-based 180 Solutions (180S) has filed suit against Internet security firm Zone Labs based on how Zone Labs rates 180S in their anti-spyware program. The program was warning that software by the marketing firm should be considered armed and dangerous.
Sunbelt Buys Kerio Sunbelt Software announced on Thursday their plan to acquire Kerio Personal Firewall and be finalized by the end of the month. Sunbelt provides security software. Kerio is perhaps best known as one of two free firewalls left on the net.
Podcast Perturbations: Feedjacked A new form of an old crime happened recently. Podcaster Erik Marcus recently had his RSS feed redirected, hijacked if you will, and the person in question is demanding payment to release the podcast. The problem is the companies who could help Marcus haven't.
Spitzer In Spat With Sony… Again You knew it was only a matter of time before New York Attorney General (AG) Eliot Spitzer went after Sony for the rootkit row. Spitzer has battled Sony before and won. This malware debacle for Sony BMG continues to haunt them because it's starting to hit them where it counts… in the bottom line.
Hackers Break Windows, IE The security folks at Microsoft, via the Microsoft Security Response Center Blog, announced some additional problems with a previously announced vulnerability. New software exploiting the recently exposed Internet Explorer (IE) vulnerability made its appearance and Microsoft has updated the security bulletin as well.
What Did Sony Know And When Did They Know It? Everyone loves a great conspiracy story and Sony BMG is in the middle of one right now. They've lied about things, they've damaged computers, and they've even got the requisite cover-up. This isn't some crazy spy movie, it's the real thing. Word is out now, Sony knew about the rootkit and the problems it would cause well in advance of the current fiasco.
Watermarked Music Right now, the Sony's rootkit fiasco echoes around the music industry. Is there no valid, legal way to protect copyrighted material? Digital Rights Management is what most in the industry are working with and so far it seems to be coming out poorly. One method some are suggesting is the watermark.
Get A Free Trojan With Your Hard Drive "Have you seen a pack of Trojans? Nope. I just ran out." In a move of complete and utter brilliance, Japanese hard drive maker I-O Data shipped their portable hard drive HDP-U series complete with a Trojan, namely the Tompai-A. They should've used protection.
Choosey Kids Choose Illegal File Sharing The scourge of record companies remains file sharing. It comes as no surprise free songs are better than the ones people pay for, particularly to teenagers. A recent study by Jupiter Research confirmed that fact and that it's unlikely to change anytime in the near future. This doesn't bode well for the future of record companies.
Symantec Drops Sygate Personal Firewall Free firewalls appear to be on their way out. Symantec closed the book on Sygate's free and paid version of their personal firewall. Symantec said users will be give a discounted upgrade to their own product.
Sobering Up the FBI, CIA Last week, new variants on the Sober computer virus began to spread. The variants, Sober X, Y and Z spread in a new and dastardly manner, posing as emails from the CIA and the FBI. Both government agencies posted notices on their websites saying they don't send out unsolicited emails. This hasn't stopped this email and it's attachment from being successful.
Chinese Hackers Attack U.S. Military For sometime now a Chinese hacker ring, which many believe to be run by the Chinese government, has been wreaking havoc on the U.S. security infrastructure. This group, "Titan Rain," cracked in to mulitple military computers and stole several significant key programs. The question is what does this say about our own national cyber security infrastructure?
Scottrade Gets Hacked Online brokerage Scottrade sent letters out to customers saying they'd been hacked back in October. Scottrade is just the latest in widespread hacking problem that includes many firms much bigger than Scottrade.
Cybercrime Pays Better Than Drugs The adage was always that "crime doesn't pay." Unfortunately, the adage doesn't ring true, at least in the cyber world. Experts say profits from cybercrime cracked the $105 billion mark.
Sober Worm Update: CIA The Sober worm has been circulating the internet again in the form of email attachments to official looking emails appearing to be from either the FBI or the CIA. Both organizations have statements on their site but the emails and hackers who wrote them are devious.
Liberty Alliance Grows Identity Solutions The Liberty Alliance Project announced on Monday a host of new products come IBM, NEC, NTT and RSA Security to improve this list of interoperable identity solutions. The new products passed Liberty's testing at a recent conformance event. These companies demonstrated their products meet the stands for the Liberty Federation.
Beating Sony’s DRM Don't feel like taking back your Sony CD because of their rootkit row? A new method has been found to fix the DRM problem for consumers with minimal effort. The fix requires one basic item: masking tape.
FBI Victim of Email Fraud An official looking malicious email is making its rounds on the electronic superhighway. The letter, stating the FBI sent it, said the recipient was surfing illegal websites and the user needs to open an attachment to solve the problem The FBI sent no such letter.
Critical Flaw In Internet Explorer Folks who use Microsoft's Internet Explorer (IE) may be in for a wild ride as exploit code for a critical flaw in fully patched versions of IE begins to make its rounds on the Internet. This puts millions of users at risk for denial of service (DoS) attacks that hijack computers.
SANS Says Hackers Expanding Targets Security experts at SANS unleashed their Top 20 list today covering the top 20 cyber threats for 2005. Traditionally, attacks targeted operating systems like Windows and Unix or services like web servers and mail systems. This year, attacks went after application programs.
Boeing Bombs On ID Fraud Prevention Every time you turn around, you hear another story on ID fraud. There's another one today. Aircraft manufacturer Boeing happened to lose a laptop computer. A number of questions come up about why all those names would be on a laptop but then another question comes up. Doesn't Boeing have some kind of government contract?
Texas Versus Sony BMG The independent nation of Texas declared war on Sony BMG Music Entertainment on this day, Monday, November 21, 2005. Texas Attorney General Greg Abbot levied the charges in Travis County, charging Sony BMG knowingly unleashed spyware on the good citizens of Texas and in so doing violated the state's anti-spyware laws.
IM Worm Slithered From Middle East FaceTime Communications said a group in the Middle East controlled an instant messenger rootkit worm tied to the WorldWide Bot Network. They announced the worm on Thursday and said the worm provides a backdoor into people's computer system.
A Lesson In Smart Counterfeiting Yes, I know counterfeiting money is a federal offense. I'm not advocating it in the slightest. Treasury Department tends to get rather irritable when you try and do their job for them. Fair enough. But, if you're going to take on the Treasury folks, you better use your head though, unlike two gentlemen in Arizona who forgot to clean out their printer before getting it repaired.
Corporate Criticism in Sony Rootkit Row What defines a good cyber security company? Is it response to new threats? Is the customer service superb? Do they keep your computer protected? When Sony BMG issued CDs with malware, most of the big time security companies were quiet. Even after it was discovered, they remained quiet for a while.
Google Sitemaps Security Problem SecurityProNews doesn't mention Google much because things like identity fraud and new worms get the majority of the talk. A new problem has turned up for Google in their sitemaps system and it could be fairly serious because it allows anyone to access a site's metrics.
Guilty Pleas From Shadowcrew When Secret Service nailed credit card and identity fraudsters associated with the Shadowcrew.com website last year, they uncovered a major operation. 28 people charged. Six of those 28 pleaded guilty on Thursday.
Cyber Security: Cutting The Lines Right now, Internet network company Cogent is in world of hurt. They've had their lines cut in two different places, New Orleans and Washington D.C. It's disrupting traffic from Minnesota all the way to the east coast of the U.S. and it could be hours before the problem is rectified. Regarding cyber security, it shows the physical part of the network is as important as the all the other stuff.
Even MORE Problems For Sony BMG It seems to me Sony BMG needs to do a little research when it starts picking out its vendors for DRM software. They've received more grief in the last two weeks then they have for most anything they might have done in recent years, maybe ever. Some security folks are claiming today that the code used in the DRM software they picked up from F4I violates the GNU General Public License for open source software.
Hackers Raid 5300 Indiana University Students Students at Indiana University recently received an unpleasant notice saying their personal information had been compromised. Hackers acquired access social security numbers and other information.
Microsoft Works On Phishing Microsoft announced they've teamed up with three new data providers, Cyota, Internet Identity and MarkMonitor. These companies will regularly contribute information on confirmed phishing websites. These will go towards enhancing Microsoft's Phishing Filter and SmartScreen Technology.
AntiSpyware Initiative: Yahoo, AOL, CNET, and Verizon Some big players came into the antispyware game on Wednesday as a number of companies signed on for stringent standards to stop the distribution of insidious spyware. The Trusted Download Program beta from TRUSTe is a program put together that will force software vendors to "clearly and unavoidably communicate key functionalities and obtain consumer consent prior to download."
Buying the Black Hat CMP Media announced the purchase of Black Hat Inc. Black Hat, founder Jeff Moss will stay on to run Black Hat as director. CMP believes this new acquisition will make them the strongest platform in the computer security media market.
Microsoft Windows More Reliable Than Linux? Security Innovation (SI) recently conducted a study commissioned by Microsoft, regarding the reliability of Windows versus Linux. The firm, SI, was independent but it does seem a bit suspicious saying Microsoft is more reliable than Linux. The study did say Windows was more consistent, predictable and easier to manage than Linux.
Visa Joins CSIA Credit card company Visa announced their membership in the Cyber Security Industry Alliance (CSIA). CSIA is a public policy and advocacy group dedicate to exclusively to cyber security. Visa, as a multinational, will be able to provide a unique insight as the world's leading payment brand. Visa enters the organization as an enterprise member.
Sony BMG Making Matters Worse Sony BMG continues to have problems over their rootkit distribution problems in what has turned into public relations nightmare. It seems like they've done everything wrong in this situation and they continue to make it worse. Now, it's been discovered the cure is actually worse than the disease.
Sobering Up To Users: Sober Clones On The Loose Variants on the Sober worm are circulating right now according to recent information from Moscow-based Kaspersky Lab. The worms are modifications of the original program, Email-Worm.Win32.Sober.
88% Of IM Worms Mutated in Last 11 Months Instant messaging is a fast growing shipping line for worms. IMlogic said in their recent study that over 88% of the worms they tracked mutated at least once. IMlogic believes the speed of these mutations poses a legitimate threat for both home user and corporate instant messaging.
Pfizer Finds Viagra Spam Hard To Beat In Holland Pharmaceutical company Pfizer, best known as the maker of Viagra, is warning consumers in the Netherlands to beware of Viagra spam because they state 97% of the pills sold are counterfeit.
TrendMicro Backtracks On Trojan For MS Security company TrendMicro backtracked on a new Trojan they said they discovered last week that played upon new vulnerabilities in Windows. Microsoft announced the graphics vulnerabilities during the monthly patch update last week, namely patch MS05-053.
Sophos, Microsoft Targeting Sony Spyware And Blu-Ray Last week, security company Sophos announced they'd found a cure for the Sony rootkit-driven DRM. Microsoft announced they would be defending against the Sony-distributed rootkit on their Anti-Malware blog their Malicious Software Removal Tool. Sony maintains the rootkit was not malware.
Consumers Want Online Security A new study by Unisys says consumers will pay for improved security for protection against identity fraud. Identity fraud is perhaps the greatest single threat to commerce on the Internet and realistically, to consumer banking in general.
Trojan Circulating For Windows Vulnerability Microsoft released their latest security patch on Tuesday. A Trojan exploiting the vulnerabilities was there on Wednesday. TrendMicro spotted the little nasty on Wednesday and rated the damage potential as high.
Spyware, EULAs and AntiSpyware Companies One big issue working through the Internet world right is the limitations of End User License Agreements (EULA). The issue is part of the battle with Sony BMG and their rootkit problems and a number of companies who produce products used as adware or spyware are fighting with antispyware companies for listing them.
Yahoo IM Hit With Big Phish A new phishing scam is trying to phlounder Yahoo's instant messenger (YIM). IMlogic discovered the piscine pest is being broadcast over the entire YIM network. It's the latest attack by phishermen in the instant messaging world.
Enternet Media Raided By FTC, Shut Down Accused spyware distributor Enternet faces charges after a federal judge shut them down on Thursday. The Federal Trade Commission (FTC) filed a lawsuit and was subsequently granted the court order closing the California company down.
Tsunami Hacker Got A Real Job Recently convicted Daniel Cuthbert got a job slightly better than most convicts. The convicted stemmed from his hacking into a Tsunami fund-raising site. For most criminals, something so heinous would be the end of the line. But Danny boy wasn't crying this week.
Surprise! Microsoft Security Patch Problems Microsoft continues to have problems with their monthly patch updates. In August and October, it was problems in the patch itself; September they didn't have a patch and in November, it's something even more basic, they can't get their Software Update Services (SUS) to work properly in distributing the software patches.
Sony’s Rootkit Row Off To Court Technology giant Sony is heading to court for lawsuits filed after the company distributed spyware in the form of rootkits in a number of their music CDs. Sony's attempts to protect their music rights through Digital Rights Management (DRM) and then adding the rootkit has created tremendous problems for Sony, including possible criminal actions.
Sony Rootkit Update: Through The Back Door Sony appears to have more problems now. Security firms Kaspersky Lab and Sophos discovered the first malicious software to crawl through the backdoor of Sony BMG's rootkit. Many critics warned this problem would occur and Sony BMG's statements blew them off. They may need to reexamine the situation.
ID Fraud Continues Unabated in Arizona, Oregon Both Arizona and Oregon both reported major identity fraud busts on Tuesday. The ID fraud included just about all the information one needs to complete the transaction. The arrests involved stolen credit and debit card info and social security numbers.
Oracle Patch Problems It seems like everyone is having patch problems. On Tuesday, NGSResearchers discovered problems in Oracle's most recent Critical Patch Update. The biggest problem stems from the patch's failure to install the Oracle Text components on Oracle 8.1.7.4 on all operating systems.
Phishing In Bermuda Customers of the Bank of Bermuda need to keep an eye out for the latest phishing scam because it's coming for them. The attack, launched from Lawrenceburg, Tennessee sent spam emails in an attempt to get people to turn over their banking information in this nefarious plot.
Microsoft’s November Security Bulletin: Friend Or Foe? Microsoft sent out their new critical patch on Tuesday and it was loaded with major fixes, 3 to be specific. While this Tuesday patch has become a regular event with Microsoft, their most recent releases haven't been all that successful. In some cases, they've done as much damage as they've corrected. Is the November patch going to be more of the same?
Los Angeles Virus Spreader Gets Inoculated A Los Angeles man is being held without bond after being charged with spreading electronic viruses in order to get control over computers, mainly military and sell the access to spammers, hackers and other cyber criminal types.
Linux Needs A Wormer A new variation on the Slapper and Scalper worms has crept into the Linux lines. Most major security companies have picked up on it and have issued bulletins. Linux doesn't get hit as often as Windows but it does get hit. While this worm isn't considered life threatening, it can be quite annoying.
Experiment Shows Many Consumers Phish Bait RSA Security recently conducted a survey to determine just how much personal information people would cough up. The survey was conducted in New York's Central Park by a team dressed in I LOVE NY shirts. The survey was supposedly about tourism in the Big Apple and they reeled a lot of people in.
Google Getting Phished? Security firm Websense received reports of a nasty little phishing scam using Google as bait. A spoof web page with Google's logo plastered all over it and looking remarkably like Google's own site also had a big line saying "You WON $400!!!"
Global Experts Speed Adoption Of Authentication Standards The Liberty Alliance Project announced on Tuesday the formation of a global, cross-organizational group focused on developing open specifications for interoperable strong authentication.
More on Sony Rootkit Sony BMG angered many with their recent tactic of putting spyware on their music CDs to protect copyrights. They offered a remedy in the form of a patch pretty quickly.
Google Profile Ranking Patent And Privacy Google recently filed for a new patent for a system and method for using a user profile to order placed content in search results returned by a search engine. This will allow Google to rank organic results based on the user profile. Is this a brilliant innovation or an incredibly invasion of privacy?
Microsoft Unleashes The Defender Reports surfaced on Friday from Microsoft bloggers of Microsoft's overhaul of the Windows anti-spyware software. The new version will be called Microsoft Windows Defender and will be included in the upcoming Windows Vista.
Juniper Snatches Man In Black Hat The Cisco annoyance and Black Hat hacker Michael Lynn joined the kids over at Juniper Networks. Lynn got some grief back during the summer when he exposed major flaws in Cisco's routers at the Black Hat Briefings Conference in Las Vegas.
First Successful Copyright Violation Case A Hong Kong hack is headed to the hoosegow for three months in what is the first successful prosecution of copyright violation in the world. The pirate got caught offering movies using the BitTorrent software.
Microsoft Advocates Privacy Legislation Mr. Smith went to Washington and addressed the Congressional Internet Caucus. Brad Smith, senior vice president and general counsel for Microsoft, called for a strong national standard for privacy protection to protect consumers and set guidelines for businesses while still allowing commerce to flourish.
UK Courts Rule Denial of Service Not Illegal A British teenage charged with attacking his former employer through an email denial of service (DoS) attack walked away after the judge ruled current UK law didn't cover this type of attack.
Microsoft Patches Create Even More Holes Microsoft's patching has had an incredible run of bad luck lately because they appear to be doing as much damage as they're preventing. The last two security releases, in August and October, Microsoft said might cause ActiveX controls and Java not to work properly on some websites.
Sony Spyware Update: Opening Your PC For Hackers Since the story began circulating yesterday of Sony BMG distributing spyware on their music CDs, Sony has reacted to the criticism bellowing out in their direction. They now offer a patch to correct the problem but does it really? One might argue they've already crossed the line when they began freely distributing this spyware to their paying customers.
Estonian Hackers Charged With Cracking Business Wire The Securities and Exchange Commission (SEC) went after two Estonian men, charging them with hacking Business Wire, distributor of corporate press releases. The SEC say they utilized information gleaned to make profitable trades.
Sony Distributing Spyware Sony, in their futile digital rights management efforts, has taken to playing dirty with the music CDs. Multiple security sources are confirming the existence of spyware in the form of rootkits on Sony's music CDs. This behavior is unethical in the eyes of many and the legality may be questionable as well.
Downloads Cause Problems For Grandpa, Grandson The Motion Picture Association of America (MPAA) once again charged after seemingly unlikely criminal when they filed suit against a man because his grandson downloaded four movies on their computer.
IM Threats Up 1500% Instant messaging (IM) security entity IMLogic released new figures on Tuesday detailing the onslaught on instant messengers by hackers and other with malicious intent. The nasty code floating through disables anti-virus software and logs end user keystrokes to steal identities.
Computers Catch Bird Flu It's nice to see virus writers have a morbid sense of humor. One of the most recent viruses to hit the web waves is called the Naiva.A, essentially Avian spelled backwards. The kids at Panda spotted this low-risk, bird-brained virus last week and posted it on Monday.
Apple Patching Holes Apple posted their 10.4.3 update, patching a number of holes in their product. Five problems were found at various points in Apple's OS X. The patch is available for download now from their Apple Downloads section or the Software Update section.
AIM Needs A Wormer AOL's instant messenger network known as AIM is under assault from the nasty W32/Sdbot-ADD worm. The little bugger is passed through instant messages from members on a user's buddy list and within chat rooms.
Internet Caution On The Rise Consumer confidence is always a major factor in judging the state of the economy. Recent studies gauge consumer confidence and usage in the Internet. These studies show more people are using the Internet and more people are making purchases online. It also shows those people are much more cautious about all their online business.
IBM Sharpens The AXE The folks at IBM's Almaden Labs have an AXE in the pipeline. The new program will keep viruses and worms from running sans antivirus software.
Zotob Damages Hit $97K, Could Be Worse Virginia based Cybertrust released results on Wednesday of a study of 700 enterprises and the impact of the Zotob worm to organizations worldwide. The damage caused by the Zotob worm affected Windows 2000 systems back in August and created real problems for the impacted systems.
National Cybersecurity Simulation On Hold The Department of Homeland Security (DHS) said on Wednesday they would be delaying a national cybersecurity test until February due to a reshuffling of resources. The cybersecurity division is about to undergo some major changes but it looks like those changes may be delayed.
Troy Group Reports e-Check Servers Compromised The Santa Ana based Troy Group reported it discovered its e-Check servers had been compromised. Troy filed a report with the FBI and notified customers hackers had been into their computer systems. The company said they've also begun their own forensic analysis into the incident.
ID Fraud – More Than Just Your Computer I received a letter from my mortgage company telling me my information had been compromised. It would seem my primary lender had a security breach in the form of stolen laptops. They had a private firm working on software and this firm left the computer with all my data in the trunk of their car. Those computers were stolen.
Microsoft’s Critical Flaw In Critical Patch All of a sudden, Microsoft is having some terrific problems with their patches. In September, they stopped the patch release at the last minute. They've already had problems with the October patch and then they announce it won't work on some systems. What's up with Microsoft's patches?
Microsoft Toughening IE7 Microsoft's making Internet Explorer (IE) 7 a tougher browser by giving the boot to Secure Sockets Layer (SSL) 2.0 and sliding Transport Layer Security (TLS) 1.0 into the slot. These changes will users a more secure environment to utilize the Internet.
FCC Tightens Security Grip On Colleges And Universities The Federal Communications Commission (FCC) said last week in the Federal Register they are laying down the law on colleges and universities, online communications companies and cities to make it easier for the federal government to comb emails and other electronic communications.
Trawling For Suckers: Nigerian Style Email Scams One of the big issues in the cyber realm today is cyber scamming and none appear to be cyber scamming better than the Nigerians. Every day, I get emails from scammers trying to get me to help them get money in the U.S. or I've won a lottery or some one needs to be rescued. I'm sure you've gotten some too. Why do they do this? "SHOW ME THE MONEY!"
Ballmer Talks About Vista Security Microsoft CEO Steve Ballmer spoke on Wednesday at the Gartner Symposium/ITxpo. He covered a number of topics and one stuck out prominently. The security concerns for Windows: Vista have been paramount in discussions because various versions of Windows have been brutally attacked by hackers all over the world for years.
Spyware Still In Town Spyware still runs rampant throughout computers and many don't even realize they've got it. Companies often don't realize just how deep spyware runs through their computers and what exactly they can do about.
Microsoft Trying to Sew Up Holey Patches Microsoft released its regular monthly patch in October and while it was supposed to clear up some major security problems in Windows, it created whole slew of other problems that including locking users out of their PCs.
Feds Want Tougher Online Bank Authentication The federal government toughened online authentication requirements with a new set of rules to make it tougher for online criminals. The feds want something more than the current system, which in most cases, is just usernames and passwords.
New ID Guidelines The Liberty Alliance Project released their new guidelines for federated identity management on Tuesday. The global consortium helps organizations manage business, legal and privacy standards regarding the deployment of both open federated identity standards and identity-based web standards.
PassMark 2.0 Neural Networking Against Online Fraud PassMark announced their new version 2.0 of their Two-Factor Two-Way Authentication system. The package is designed to give financial institutions and their customers protection against phishing, spoofing, keyboard logging and other attacks.
Microsoft October Security Bulletin After problems with the monthly security update in September, October looks to be back on track. Although seemingly a bit delayed in the bulletin, it's now on the website with details, including 9 total security bulletins, one of which ranks at the highest maximum severity rating.
FTC Sends Odysseus Walking The Federal Trade Commission asked a U.S. District Court judge to end the journey of Odysseus Marketing, charging the company offers free software and then when downloaded, loads the computer with all kinds of spyware and adware that cannot removed through normal means.
Microsoft Securing For IT Future Microsoft announced plans for securing their IT future today in Munich and discussed their Microsoft Client Protection for guarding enterprise desktops. They also unleashed the SecureIT Alliance. The consortium is dedicated to protecting all customers from the evils that Internet hackers do.
Holes Found In Symantec Antivirus Scan Engine Symantec said they've got a problem in their antivirus scan engine. While they've patched the flaw, naughty hackers could still catch unwary users off guard.
AOL Trying To Net Phisherman America Online (AOL) announced earlier in the week they aim to protect their millions of subscribers with new initiatives aimed at slapping down phishing attacks.
China, The U.S. And DVD Piracy The Chinese handed over Randolph Hobson Guthrie to U.S. authorities in Los Angeles to face multiple charges of copyright infringement last week. The Chinese convicted Guthrie of selling pirated DVDs and he's to appear in U.S. federal court today for a bond hearing.
Symantec Throws BindView in the Shopping Cart Security giant Symantec announced on Monday they signed a definitive agreement to purchase the BindView Development Corp., a provider of agent-less IT security compliance software.
Instant Messaging Becomes Instant Virusing "Lol, ha, check this out." This is the last message you saw on your instant messenger from your girlfriend. You click on it. Now you've got an ITD. What's an ITD you ask? It's an Internet Transmitted Disease. Don't feel bad though. Lots of people get them. With a little help, you can get it cured too.
Symantec Harpoons Software Pirate for $1 Million Top Internet security firm Symantec secured $1 million in restitution from a software piracy operation based in Houston, Texas. Li Chen pled guilty to one count of trademark infringement and agreed to the restitution as part of the plea bargain.
Cyber Crime Continues To Proliferate The cyber crime world is growing. No if, ands or buts about it. One of the biggest problems have been weaknesses in security with banks and other institutions that handle financial information. While California has a disclosure law regarding this type of theft, no one else, including the federal government, has anything like this in place.
Symantec Fishing For Antiphishing With WholeSecurity Megalith security firm Symantec agreed to buy WholeSecurity, a company which designs products aimed at fighting the most heinous anglers known as phisherman and there rather annoying baiting habits.
Putting Locks On The Bagle Trojan New bagles are flooding the web and it's not through your local bakery either. The British security company, SophosLabs, continues to monitor the flow of new versions of the Troj/BagleDI-U Trojan horse by spamming millions of email addresses.
Microsoft Sues Software Pirates Microsoft brought about her ship-of-the-line and began a broadside against bilge-soaked software pirates around the country. Microsoft aimed her guns, in the guise of lawyers at companies in California, Arizona, Illinois, Minnesota and New York and filed eight lawsuits charging copyright and trademark infringement.
|