Monday, May 26, 2008

Memorial Day Feed 5/26/08

Facebook security snafu could compromise accounts
Facebook vulnerable to critical XSS, could lead to malware attacks





Freedom of the Cyberseas
How lessons from the U.S. government's response to pirates in the early 1800s can help the next president of the United States improve information security.





Speed is of essence for next-generation Symantec products





Symantec pins blame for XP SP3 registry corruption on Microsoft

Blame XP SP3 problems on Microsoft, Symantec says
Jim Carr May 23, 2008
Security researchers at Symantec have placed the blame for a variety of problems users are experiencing with Microsoft's Windows XP Service Pack 3 squarely on Microsoft.





Thieves troll for execs with new Tax Court phish scam






Virtualization growth brings demand for specialized skills







Cybercrime, the ne plus ultra of black globalization
Date: May 26, 2008
Source: Blog.wired.com
By: Bruce Sterling
Police in the US and Romania have charged 38 members of a suspected phishing gang.
The group reportedly organised the theft of online banking credentials using both email and text message lures. One phase of the attack involved the distribution of 1.3m fraudulent text messages that posed as communiques from a prospective mark's bank, according to the US Department of Justice.
Data entered by unwary users into a fraudulent website was used to create counterfeit bank cards, which were then used to siphon money from compromised accounts. A percentage of the proceeds were allegedly sent onto Romania while the rest was kept by their US accomplices. Fraudulent transactions were made in Canada, Pakistan, Portugal and Romania.
Customers of financial institutions including Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay and PayPal were targeted by the attack. A complaint over a fraudulent email ostensibly from Connecticut-based People’s Bank prompted an investigation that dismantled the alleged cybercrime ring. It's unclear how much the gang made through the scam.
More than half of those charged are Romanian, while the others are US residents originally from South East Asia. Most of the suspects have been arrested in a series of raids over the last few months while some of the Romanian suspects remain unidentified.
Seuong Wook Lee, a cashier operating at the US end of the scam, pleaded guilty to racketeering, conspiracy, bank fraud, access device fraud and computer hacking offences on 15 May, at a hearing in the US District Court in Los Angeles.







The Kind of Cybercrime Interpol Expects at the Summer Olympics
With cybercrime now a global phenomenon, perhaps it will take a global police organization to keep it in check. 30-Apr-2008






Cisco's Response to Rootkit presentation
Published: 2008-05-25, Last Updated: 2008-05-25 18:44:37 UTC, by Stephen Hall (Version: 1)

Although I'm still waiting to see a copy of the presentation online, CISCO evidently have and they have posted a response.

You can see Mike Poor's evaluation of the issue here, and then jump straight across to CISCO's quite lengthy response on their site. CISCO have in fact produced what could become the enterprise de-facto process for good practice when deploying hardware and firmware. I can certainly see it being used by some internal auditors to keep us on our toes.





SANS says reverse engineering of Cisco patches possible
Greg Masters May 23, 2008
Three vulnerabilities in Cisco products are open to exploitation, warned the SANS Internet Storm Center.




How to Sell Security
It's a truism in sales that it's easier to sell someone something he wants than something he wants to avoid. People are reluctant to buy insurance, or home security devices, or computer security anything. It's not that they don't ever buy these things, but it's an uphill struggle.
The reason is psychological. And it's the same dynamic when it's a security vendor trying to sell its products or services, a CIO trying to convince senior management to invest in security or a security officer trying to implement a security policy with her company's employees.
http://www.schneier.com/blog/








IBM Lotus Sametime Community Services Multiplexer Buffer Overflow - Highly critical - From remote
Issued 5 days ago. A vulnerability has been reported in IBM Lotus Sametime, which can be exploited by malicious people to compromise a vulnerable system.







"This past week, President Bush signed the Genetic Information Nondiscrimination Act, which would protect people from being discriminated against by health insurers or employers on the basis of their genetic information. 'the Genetic Information Nondiscrimination Act (GINA). GINA is the first and only federal legislation that will provide protections against discrimination based on an individual's genetic information in health insurance coverage and employment settings.'"








Open source software security improving








Inside Craigslist's Increasingly Complicated Battle Against Spammers
from the spam-fight dept
John Nagle writes in with a fascinating dissection of the ongoing battle between Craigslist and spammers. The back and forth nature of this battle is fascinating -- and somewhat disturbing when you realize the lengths to which spammers will go to get spam onto Craigslist, and the extent to which an entire ecosystem of scammers and software providers seems to have been built up around this effort:







The Strange Case of ‘Mr. Spilberg’
When analyzing malware, it is not uncommon to stumble across interesting situations. Recently, I have been analyzing a variant of a FakeAlert BHO. This threat isn’t notable; it displays “alert” pop-ups when correctly installed, and prompts users to download a fake anti-spyware product.

However, when analyzing it, I noticed that this BHO was trying to access a file named “f***youspilberg.bat” located in the root folder of my research machine. Of course, with such a name, I immediately got interested and started to dig deeper to see what was going on.









State officials try to determine scope of bank breach
Dan Kaplan May 23, 2008
The Connecticut governor has now issued four subpoenas as her office seeks to learn more about the Bank of New York Mellon data breach.






A Smarter Supercomputer
By Kate Greene 05/14/2008
A new design could run ultrahigh-resolution climate models.







Lawmakers See Cyber Threats to Electrical Grid PC World - Wed May 21, 4:50 PM ET
Lawmakers and an auditor's report raise concerns about cybersecurity among U.S. electric utilities.






Japan cracks down on virus with copyright law AP - Wed May 21, 4:05 PM ET
TOKYO - A student who allegedly spread a computer virus was convicted Friday of copyright infringement in a case that has highlighted the lack of laws in Japan to police cyberspace.







Experts warn of cyberterrorism threat AP - Wed May 21, 3:52 PM ET
KUALA LUMPUR, Malaysia - Officials from around the world agree they must cooperate better to fight the threat of cyberterrorism at facilities such as nuclear power plants.







British Telecom Denies Claims Millions Of Its Internet Customers Could Be At Risk From Hackers By Grey McKenzie Today







Switzerland's Cyber Crime Unit Says Government Employees Focus Of Cyber Criminals By Grey McKenzie 05/23/2008
